Windows Analysis Report
4BLDo0d9gL.exe

Overview

General Information

Sample name: 4BLDo0d9gL.exe (renamed because original name is a hash value)
Original sample name: 75e523f3d07a2eb55eb8d211f207dd56de67245638a71958a77235e800a40504.exe
Analysis ID: 1617790
MD5: f3e238a17d7b8a6cc0d4c277493765ad
SHA1: b87a2545078f9c945ee9355be7f7d2890e85464d
SHA256: 75e523f3d07a2eb55eb8d211f207dd56de67245638a71958a77235e800a40504
Tags: 92-255-85-36, exe, user-JAMESWT_MHT

Detection

RedLine, SectopRAT
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
Yara detected SectopRAT
Connects to many ports of the same IP (likely port scanning)
Joe Sandbox ML detected suspicious sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 4BLDo0d9gL.exe (PID: 7320 cmdline: "C:\Users\user\Desktop\4BLDo0d9gL.exe" MD5: F3E238A17D7B8A6CC0D4C277493765AD)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
No configs have been found
Source | Rule | Description | Author | Strings
4BLDo0d9gL.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
4BLDo0d9gL.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
4BLDo0d9gL.exe | MALWARE_Win_Arechclient2 | Detects Arechclient2 RAT | ditekSHen
      • 0xb5026:$s14: keybd_event
      • 0xbbf88:$v1_1: grabber@
      • 0xb5be2:$v1_2: <BrowserProfile>k__
      • 0xb666f:$v1_3: <SystemHardwares>k__
      • 0xb672e:$v1_5: <ScannedWallets>k__
      • 0xb67be:$v1_6: <DicrFiles>k__
      • 0xb679a:$v1_7: <MessageClientFiles>k__
      • 0xb6b64:$v1_8: <ScanBrowsers>k__BackingField
      • 0xb6bb6:$v1_8: <ScanWallets>k__BackingField
      • 0xb6bd3:$v1_8: <ScanScreen>k__BackingField
      • 0xb6c0d:$v1_8: <ScanVPN>k__BackingField
      • 0xa8542:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
      • 0xa7e4e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
Source | Rule | Description | Author | Strings
00000000.00000000.1342697363.0000000000A42000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000000.1342697363.0000000000A42000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Process Memory Space: 4BLDo0d9gL.exe PID: 7320 | JoeSecurity_SectopRAT | Yara detected SectopRAT | Joe Security
Process Memory Space: 4BLDo0d9gL.exe PID: 7320 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: 4BLDo0d9gL.exe PID: 7320 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Source | Rule | Description | Author | Strings
0.0.4BLDo0d9gL.exe.a40000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.0.4BLDo0d9gL.exe.a40000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.0.4BLDo0d9gL.exe.a40000.0.unpack | MALWARE_Win_Arechclient2 | Detects Arechclient2 RAT | ditekSHen
                    • 0xb5026:$s14: keybd_event
                    • 0xbbf88:$v1_1: grabber@
                    • 0xb5be2:$v1_2: <BrowserProfile>k__
                    • 0xb666f:$v1_3: <SystemHardwares>k__
                    • 0xb672e:$v1_5: <ScannedWallets>k__
                    • 0xb67be:$v1_6: <DicrFiles>k__
                    • 0xb679a:$v1_7: <MessageClientFiles>k__
                    • 0xb6b64:$v1_8: <ScanBrowsers>k__BackingField
                    • 0xb6bb6:$v1_8: <ScanWallets>k__BackingField
                    • 0xb6bd3:$v1_8: <ScanScreen>k__BackingField
                    • 0xb6c0d:$v1_8: <ScanVPN>k__BackingField
                    • 0xa8542:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
                    • 0xa7e4e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2025-02-18T08:50:22.455127+010020522481A Network Trojan was detected192.168.2.95319492.255.85.369000TCP
                    2025-02-18T08:50:23.172373+010020522481A Network Trojan was detected192.168.2.95319592.255.85.369000TCP
                    2025-02-18T08:50:24.003626+010020522481A Network Trojan was detected192.168.2.95319792.255.85.369000TCP
                    2025-02-18T08:50:24.801865+010020522481A Network Trojan was detected192.168.2.95319892.255.85.369000TCP
                    2025-02-18T08:50:25.604948+010020522481A Network Trojan was detected192.168.2.95319992.255.85.369000TCP
                    2025-02-18T08:50:26.414121+010020522481A Network Trojan was detected192.168.2.95320092.255.85.369000TCP
                    2025-02-18T08:50:27.212616+010020522481A Network Trojan was detected192.168.2.95320192.255.85.369000TCP
                    2025-02-18T08:50:28.009528+010020522481A Network Trojan was detected192.168.2.95320292.255.85.369000TCP
                    2025-02-18T08:50:28.896956+010020522481A Network Trojan was detected192.168.2.95320392.255.85.369000TCP
                    2025-02-18T08:50:29.695258+010020522481A Network Trojan was detected192.168.2.95320492.255.85.369000TCP
                    2025-02-18T08:50:30.499187+010020522481A Network Trojan was detected192.168.2.95320592.255.85.369000TCP
                    2025-02-18T08:50:31.304868+010020522481A Network Trojan was detected192.168.2.95320692.255.85.369000TCP
                    2025-02-18T08:50:32.111887+010020522481A Network Trojan was detected192.168.2.95320792.255.85.369000TCP
                    2025-02-18T08:50:32.917926+010020522481A Network Trojan was detected192.168.2.95320892.255.85.369000TCP
                    2025-02-18T08:50:33.729199+010020522481A Network Trojan was detected192.168.2.95320992.255.85.369000TCP
                    2025-02-18T08:50:34.529856+010020522481A Network Trojan was detected192.168.2.95321092.255.85.369000TCP
                    2025-02-18T08:50:35.352701+010020522481A Network Trojan was detected192.168.2.95321192.255.85.369000TCP
                    2025-02-18T08:50:36.175784+010020522481A Network Trojan was detected192.168.2.95321292.255.85.369000TCP
                    2025-02-18T08:50:36.976412+010020522481A Network Trojan was detected192.168.2.95321392.255.85.369000TCP
                    2025-02-18T08:50:37.772919+010020522481A Network Trojan was detected192.168.2.95321492.255.85.369000TCP
                    2025-02-18T08:50:38.579829+010020522481A Network Trojan was detected192.168.2.95321592.255.85.369000TCP
                    2025-02-18T08:50:39.405955+010020522481A Network Trojan was detected192.168.2.95321692.255.85.369000TCP
                    2025-02-18T08:50:40.218678+010020522481A Network Trojan was detected192.168.2.95321792.255.85.369000TCP
                    2025-02-18T08:50:41.020249+010020522481A Network Trojan was detected192.168.2.95321892.255.85.369000TCP
                    2025-02-18T08:50:41.821473+010020522481A Network Trojan was detected192.168.2.95321992.255.85.369000TCP
                    2025-02-18T08:50:42.620273+010020522481A Network Trojan was detected192.168.2.95322092.255.85.369000TCP
                    2025-02-18T08:50:43.416969+010020522481A Network Trojan was detected192.168.2.95322192.255.85.369000TCP
                    2025-02-18T08:50:44.217812+010020522481A Network Trojan was detected192.168.2.95322292.255.85.369000TCP
                    2025-02-18T08:50:45.088990+010020522481A Network Trojan was detected192.168.2.95322392.255.85.369000TCP
                    2025-02-18T08:50:45.905645+010020522481A Network Trojan was detected192.168.2.95322492.255.85.369000TCP
                    2025-02-18T08:50:46.708981+010020522481A Network Trojan was detected192.168.2.95322592.255.85.369000TCP
                    2025-02-18T08:50:47.541081+010020522481A Network Trojan was detected192.168.2.95322692.255.85.369000TCP
                    2025-02-18T08:50:48.337240+010020522481A Network Trojan was detected192.168.2.95322792.255.85.369000TCP
                    2025-02-18T08:50:49.152340+010020522481A Network Trojan was detected192.168.2.95322892.255.85.369000TCP
                    2025-02-18T08:50:49.957104+010020522481A Network Trojan was detected192.168.2.95322992.255.85.369000TCP
                    2025-02-18T08:50:50.774107+010020522481A Network Trojan was detected192.168.2.95323092.255.85.369000TCP
                    2025-02-18T08:50:51.576378+010020522481A Network Trojan was detected192.168.2.95323192.255.85.369000TCP
                    2025-02-18T08:50:52.390924+010020522481A Network Trojan was detected192.168.2.95323292.255.85.369000TCP
                    2025-02-18T08:50:53.225104+010020522481A Network Trojan was detected192.168.2.95323392.255.85.369000TCP
                    2025-02-18T08:50:54.052405+010020522481A Network Trojan was detected192.168.2.95323492.255.85.369000TCP
                    Timestamp, SID, Severity, Classtype, Source IP, Source Port, Destination IP, Destination Port, Protocol


                    AV Detection

                    Source: 4BLDo0d9gL.exe, Avira: detected
                    Source: 4BLDo0d9gL.exe, Virustotal: Detection: 80%
                    Source: 4BLDo0d9gL.exe, ReversingLabs: Detection: 75%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 0_2_0716A8E0 CryptUnprotectData, 0_2_0716A8E0
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 0_2_0716AED9 CryptUnprotectData, 0_2_0716AED9
                    Source: 4BLDo0d9gL.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then jmp 0715C8E4h, 0_2_0715C2B6
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then jmp 07157E7Eh, 0_2_07157D58
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then jmp 07157E7Eh, 0_2_07157D68
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then jmp 0715C8E4h, 0_2_0715C8C0
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then jmp 08250EC1h, 0_2_08250A28
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then jmp 0825C3CAh, 0_2_0825B6E0
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then mov eax, dword ptr [ebp-60h], 0_2_0825B6E0
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then jmp 0825CA3Dh, 0_2_0825B6E0
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe, Code function: 4x nop then jmp 0825A571h, 0_2_0825A559

                    Networking

                    Source: Network traffic, Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:49790 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53013 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53015 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53016 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53017 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53011 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53018 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53019 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53000 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53024 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53021 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53022 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53025 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53026 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53027 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53023 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53014 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53029 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53028 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53030 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53032 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53031 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53033 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53034 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53035 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53036 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53037 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53038 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53039 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53040 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53041 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53042 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53043 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53044 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53045 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53048 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53050 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53049 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53052 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53051 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53057 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53058 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53059 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53064 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53068 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53067 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53070 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53072 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53071 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53073 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53075 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53076 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53077 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53078 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53079 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53080 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53081 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53082 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53083 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53084 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53085 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53086 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53087 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53089 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53092 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53088 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53093 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53094 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53095 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53096 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53097 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53098 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53099 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53100 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53101 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53046 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53102 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53103 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53104 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53105 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53106 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53107 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53108 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53109 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53110 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53111 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53112 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53113 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53114 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53115 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53116 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53117 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53118 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53119 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53120 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53121 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53123 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53124 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53125 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53126 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53127 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53128 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53130 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53090 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53131 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53132 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53133 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53091 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53134 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53135 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53136 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53137 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53138 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53139 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53140 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53141 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53142 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53129 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53143 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53144 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53145 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53146 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53147 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53148 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53149 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53150 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53151 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53152 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53153 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53154 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53155 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53156 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53157 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53158 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53159 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53160 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53161 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53162 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53163 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53164 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53165 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53166 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53168 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53169 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53170 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53171 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53172 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53173 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.9:53174 -> 92.255.85.36:9000
                    Source: global traffic; TCP traffic: 92.255.85.36 ports 9000,1,4,5,7,8,15847
                    Source: unknown; Network traffic detected: HTTP traffic on port 49743 -> 9000
                    Source: unknown; Network traffic detected: HTTP traffic on port 9000 -> 49743
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53101 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53101
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53102 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53102
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53103 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53103
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53104 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53104
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53105 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53105
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53106 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53106
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53107 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53107
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53108 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53108
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53109 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53109
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53110 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53110
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53111 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53111
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53112 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53112
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53113 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53113
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53114 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53114
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53115 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53115
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53116 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53116
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53117 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53117
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53118 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53118
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53119 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53119
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53120 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53120
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53121 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53121
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53123 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53123
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53124 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53124
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53125 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53125
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53126 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53126
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53127 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53127
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53128 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53128
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53129 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53129
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53130 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53130
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53131 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53131
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53132 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53132
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53133 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53133
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53134 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53134
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53135 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53135
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53136 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53136
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53137 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53137
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53138 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53138
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53139 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53139
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53140 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53140
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53141 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53141
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53142 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53142
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53143 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53143
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53144 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53144
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53145 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53145
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53146 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53146
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53147 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53147
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53148 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53148
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53149 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53149
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53150 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53150
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53151 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53151
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53152 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53152
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53153 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53153
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53154 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53154
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53155 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53155
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53156 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53156
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53157 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53157
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53158 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53158
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53159 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53159
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53160 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53160
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53161 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53161
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53162 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53162
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53163 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53163
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53164 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53164
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53165 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53165
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53166 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53166
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53167 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53167
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53168 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53168
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53169 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53169
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53170 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53170
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53171 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53171
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53172 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53172
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53173 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53173
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53174 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53174
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53175 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53175
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53176 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53176
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53177 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53177
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53178 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53178
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53179 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53179
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53180 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53180
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53181 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53181
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53182 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53182
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53183 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53183
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53184 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53184
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53185 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53185
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53186 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53186
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53188 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53188
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53189 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53189
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53190 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53190
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53191 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53191
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53192 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53192
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53193 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53193
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53194 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53195 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53195
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53197 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53197
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53198 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53198
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53199 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53199
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53200 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53200
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53201 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53201
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53202 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53202
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53203 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53203
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53204 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53204
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53205 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53205
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53206 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53206
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53207 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53207
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53208 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53208
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53209 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53209
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53210 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53210
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53211 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53211
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53212 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53212
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53213 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53213
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53214 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53214
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53215 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53215
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53216 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53216
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53217 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53217
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53218 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53218
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53219 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53219
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53220 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53220
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53221 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53221
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53222 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53222
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53223 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53223
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53224 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53224
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53225 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53225
                    Source: global traffic TCP traffic: 192.168.2.9:49727 -> 92.255.85.36:15847
                    Source: global traffic TCP traffic: 192.168.2.9:52820 -> 1.1.1.1:53
                    Source: global traffic HTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1 Host: 92.255.85.36:9000 Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1 Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: Joe Sandbox View ASN Name: SOVTEL-ASRU SOVTEL-ASRU
                    Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49783 -> 92.255.85.36:9000
                    Source: unknown TCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D HTTP/1.1Host: 92.255.85.36:9000
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000002FD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:9000
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000002FD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:9000/wbinjget?q=405E1946CFDABCFF1D56C0C7D7E3D09D
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000003649000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000003649000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000003649000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/DWCCqGB0
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000358B000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000003649000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000034CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    System Summary

                    Source: 4BLDo0d9gL.exe, type: SAMPLEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                    Source: 0.0.4BLDo0d9gL.exe.a40000.0.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeProcess Stats: CPU usage > 49%
                    Source: 4BLDo0d9gL.exe, 00000000.00000000.1342771111.0000000000B00000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenametttrgggrrrt.exe" vs 4BLDo0d9gL.exe
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3791498390.00000000074F9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs 4BLDo0d9gL.exe
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3783392852.000000000127E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 4BLDo0d9gL.exe
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs 4BLDo0d9gL.exe
                    Source: 4BLDo0d9gL.exeBinary or memory string: OriginalFilenametttrgggrrrt.exe" vs 4BLDo0d9gL.exe
                    Source: 4BLDo0d9gL.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 4BLDo0d9gL.exe, type: SAMPLEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                    Source: 0.0.4BLDo0d9gL.exe.a40000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/40@0/1
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeMutant created: NULL
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeMutant created: \Sessions\1\BaseNamedObjects\5c8947d1385c4e608aa7a0853c65418d
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile created: C:\Users\user\AppData\Local\Temp\tmp7D46.tmpJump to behavior
                    Source: 4BLDo0d9gL.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 4BLDo0d9gL.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033C0000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.00000000033B2000.00000004.00000800.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000339A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: 4BLDo0d9gL.exeVirustotal: Detection: 80%
                    Source: 4BLDo0d9gL.exeReversingLabs: Detection: 75%
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                    Source: 4BLDo0d9gL.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeCode function: 0_2_07156922 pushfd ; ret 0_2_07156928
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeCode function: 0_2_071653CF push esp; ret 0_2_071653D9
                    Source: 4BLDo0d9gL.exeStatic PE information: section name: .text entropy: 6.939591378361454

                    Hooking and other Techniques for Hiding and Protection

                    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49743
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52827 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52827
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52834 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52834
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52840 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52840
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52846 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52846
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52852 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52852
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52858 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52858
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52868 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52868
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52875 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52875
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52881 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52881
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52887 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52887
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52893 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52893
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52899 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52899
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52905 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52905
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52911 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52911
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52916 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52916
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52921 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52921
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52926 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52926
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52931 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52931
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52936 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52936
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52941 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52941
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52948 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52948
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52955 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52955
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52959 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52959
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52964 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52964
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52969 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52969
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52974 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52974
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52979 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52979
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52984 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52984
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52989 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52989
                    Source: unknownNetwork traffic detected: HTTP traffic on port 52994 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 52994
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53000 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53004 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53004
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53006 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53006
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53007 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53007
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53008 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53008
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53009 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53009
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53010 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53010
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53011 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53011
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53012 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53012
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53013 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53013
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53014 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53014
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53015 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53015
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53016 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53016
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53017 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53017
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53018 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53018
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53019 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53019
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53021 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53021
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53022 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53022
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53023 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53023
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53024 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53024
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53025 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53025
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53026 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53026
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53027 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53027
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53028 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53028
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53029 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53029
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53030 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53030
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53031 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53031
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53032 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53032
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53033 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53033
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53034 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53034
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53035 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53035
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53036 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53036
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53037 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53037
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53038 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53038
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53039 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53039
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53040 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53040
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53041 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53041
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53042 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53042
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53043 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53043
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53044 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53044
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53045 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53045
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53046 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53046
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53048 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53048
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53049 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53049
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53050 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53051 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53051
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53052 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53052
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53057 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53057
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53058 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53058
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53059 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53059
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53064 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53064
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53067 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53067
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53068 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53068
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53070 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53070
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53071 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53071
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53072 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53072
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53073 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53073
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53075 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53075
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53076 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53076
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53077 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53077
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53078 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53078
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53079 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53079
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53080 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53080
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53081 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53081
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53082 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53082
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53083 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53083
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53084 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53084
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53085 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53085
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53086 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53086
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53087 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53087
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53088 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53088
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53089 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53089
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53090 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53090
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53091 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53091
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53092 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53092
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53093 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53093
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53094 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53094
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53095 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53095
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53096 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53096
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53097 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53097
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53098 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53098
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53099 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53099
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53100 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53100
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53101 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53101
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53102 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53102
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53103 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53103
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53104 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53104
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53105 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53105
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53106 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53106
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53107 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53107
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53108 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53108
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53109 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53109
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53110 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53110
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53111 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53111
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53112 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53112
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53113 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53113
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53114 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53114
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53115 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53115
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53116 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53116
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53117 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53117
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53118 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53118
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53119 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53119
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53120 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53120
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53121 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53121
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53123 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53123
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53124 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53124
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53125 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53125
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53126 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53126
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53127 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53127
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53128 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53128
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53129 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53129
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53130 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53130
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53131 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53131
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53132 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53132
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53133 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53133
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53134 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 53134
                    Source: unknownNetwork traffic detected: HTTP traffic on port 53135 -> 9000
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Memory allocated: 1230000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Memory allocated: 2ED0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Memory allocated: 2CE0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Window / User API: threadDelayed 6817
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Window / User API: threadDelayed 2785
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe Registry key enumerated: More than 120 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7380 Thread sleep time: -32281802128991695s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7380 Thread sleep time: -360000s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7380 Thread sleep time: -59891s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -46628s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7380 Thread sleep time: -59781s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -41907s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7380 Thread sleep time: -59672s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -37835s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7380 Thread sleep time: -59563s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -55843s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7380 Thread sleep time: -59453s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -59416s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7380 Thread sleep time: -59344s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -44712s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -33361s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -34407s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -50134s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -54871s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -51775s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -49987s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -41004s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7456 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -39643s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7472 Thread sleep time: -720000s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -31756s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -59586s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -58479s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -47373s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7464 Thread sleep time: -1200000s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -51122s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -46247s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -42143s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -44100s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -55712s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exe TID: 7324 Thread sleep time: -55869s >= -30000s
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 60000Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 59891Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 46628Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 59781Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 41907Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 59672Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 37835Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 59563Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 55843Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 59453Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 59416Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 59344Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 44712Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 33361Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 34407Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 50134Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 54871Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 51775Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 49987Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 41004Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 30000Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 39643Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 60000Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 31756Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 59586Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 58479Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 47373Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 51122Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 46247Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 42143Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 44100Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 55712Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeThread delayed: delay time: 55869Jump to behavior
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696497155j
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696497155x
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696497155o
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696497155h
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696497155d
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696497155s
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696497155f
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696497155x
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3783392852.00000000012B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696497155]
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696497155t
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696497155t
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696497155}
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155}
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696497155u
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155x
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696497155
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3785061271.000000000328B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696497155
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Users\user\Desktop\4BLDo0d9gL.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: 4BLDo0d9gL.exe, 00000000.00000002.3790218804.0000000006362000.00000004.00000020.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3783392852.000000000133F000.00000004.00000020.00020000.00000000.sdmp, 4BLDo0d9gL.exe, 00000000.00000002.3790218804.000000000641C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: 4BLDo0d9gL.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.4BLDo0d9gL.exe.a40000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1342697363.0000000000A42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 4BLDo0d9gL.exe PID: 7320, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\Desktop\4BLDo0d9gL.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior

                    Remote Access Functionality

                    Source: Yara matchFile source: 4BLDo0d9gL.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.4BLDo0d9gL.exe.a40000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1342697363.0000000000A42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 4BLDo0d9gL.exe PID: 7320, type: MEMORYSTR
                    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                    Execution: 221 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
                    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                    Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                    Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 241 Virtualization/Sandbox Evasion; 3 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading
                    Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                    Discovery: 231 Security Software Discovery; 11 Process Discovery; 241 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 123 System Information Discovery; Wi-Fi Discovery
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                    Collection: 1 Archive Collected Data; 2 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
                    Command and Control: 2 Encrypted Channel; 11 Non-Standard Port; 1 Ingress Tool Transfer; 1 Non-Application Layer Protocol; 1 Application Layer Protocol; Multiband Communication
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
