Windows Analysis Report
0Hw4Pw6xRd.exe

Overview

General Information

Sample name: 0Hw4Pw6xRd.exe (renamed because original name is a hash value)
Original sample name: 2574a99020c51b1f9b1b5298d810cf901c6e8740fcf550bd1292bdf381c40b8d.exe
Analysis ID: 1617792
MD5: e02dcad7ceecf3e8a1982d32492951a8
SHA1: f97210925891bbfc0bd79cdc984238217f1e41ba
SHA256: 2574a99020c51b1f9b1b5298d810cf901c6e8740fcf550bd1292bdf381c40b8d
Tags: 92-255-85-36, exe, user-JAMESWT_MHT

Detection

RedLine, SectopRAT
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
Yara detected SectopRAT
Connects to many ports of the same IP (likely port scanning)
Joe Sandbox ML detected suspicious sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 0Hw4Pw6xRd.exe (PID: 6532 cmdline: "C:\Users\user\Desktop\0Hw4Pw6xRd.exe" MD5: E02DCAD7CEECF3E8A1982D32492951A8)
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
No configs have been found
Source | Rule | Description | Author | Strings
0Hw4Pw6xRd.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0Hw4Pw6xRd.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0Hw4Pw6xRd.exe | MALWARE_Win_Arechclient2 | Detects Arechclient2 RAT | ditekSHen
      • 0xb5026:$s14: keybd_event
      • 0xbbf88:$v1_1: grabber@
      • 0xb5be2:$v1_2: <BrowserProfile>k__
      • 0xb666f:$v1_3: <SystemHardwares>k__
      • 0xb672e:$v1_5: <ScannedWallets>k__
      • 0xb67be:$v1_6: <DicrFiles>k__
      • 0xb679a:$v1_7: <MessageClientFiles>k__
      • 0xb6b64:$v1_8: <ScanBrowsers>k__BackingField
      • 0xb6bb6:$v1_8: <ScanWallets>k__BackingField
      • 0xb6bd3:$v1_8: <ScanScreen>k__BackingField
      • 0xb6c0d:$v1_8: <ScanVPN>k__BackingField
      • 0xa8542:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
      • 0xa7e4e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
Source | Rule | Description | Author | Strings
00000000.00000000.2076261192.0000000000752000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000000.2076261192.0000000000752000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Process Memory Space: 0Hw4Pw6xRd.exe PID: 6532 | JoeSecurity_SectopRAT | Yara detected SectopRAT | Joe Security
Process Memory Space: 0Hw4Pw6xRd.exe PID: 6532 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: 0Hw4Pw6xRd.exe PID: 6532 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
0.0.0Hw4Pw6xRd.exe.750000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.0.0Hw4Pw6xRd.exe.750000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.0.0Hw4Pw6xRd.exe.750000.0.unpack | MALWARE_Win_Arechclient2 | Detects Arechclient2 RAT | ditekSHen
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2025-02-18T08:53:17.448311+010020522481A Network Trojan was detected192.168.2.55020492.255.85.369000TCP
                    2025-02-18T08:53:18.245816+010020522481A Network Trojan was detected192.168.2.55020592.255.85.369000TCP
                    2025-02-18T08:53:19.051197+010020522481A Network Trojan was detected192.168.2.55020792.255.85.369000TCP
                    2025-02-18T08:53:19.872658+010020522481A Network Trojan was detected192.168.2.55020892.255.85.369000TCP
                    2025-02-18T08:53:20.722041+010020522481A Network Trojan was detected192.168.2.55020992.255.85.369000TCP
                    2025-02-18T08:53:21.543773+010020522481A Network Trojan was detected192.168.2.55021092.255.85.369000TCP
                    2025-02-18T08:53:22.353998+010020522481A Network Trojan was detected192.168.2.55021192.255.85.369000TCP
                    2025-02-18T08:53:23.149676+010020522481A Network Trojan was detected192.168.2.55021292.255.85.369000TCP
                    2025-02-18T08:53:23.951121+010020522481A Network Trojan was detected192.168.2.55021392.255.85.369000TCP
                    2025-02-18T08:53:24.779088+010020522481A Network Trojan was detected192.168.2.55021492.255.85.369000TCP
                    2025-02-18T08:53:25.601705+010020522481A Network Trojan was detected192.168.2.55021592.255.85.369000TCP
                    2025-02-18T08:53:26.425446+010020522481A Network Trojan was detected192.168.2.55021692.255.85.369000TCP
                    2025-02-18T08:53:27.231347+010020522481A Network Trojan was detected192.168.2.55021792.255.85.369000TCP
                    2025-02-18T08:53:28.038754+010020522481A Network Trojan was detected192.168.2.55021892.255.85.369000TCP
                    2025-02-18T08:53:28.844092+010020522481A Network Trojan was detected192.168.2.55021992.255.85.369000TCP
                    2025-02-18T08:53:29.649165+010020522481A Network Trojan was detected192.168.2.55022092.255.85.369000TCP
                    2025-02-18T08:53:30.454726+010020522481A Network Trojan was detected192.168.2.55022192.255.85.369000TCP
                    2025-02-18T08:53:31.276596+010020522481A Network Trojan was detected192.168.2.55022292.255.85.369000TCP
                    2025-02-18T08:53:32.089213+010020522481A Network Trojan was detected192.168.2.55022392.255.85.369000TCP
                    2025-02-18T08:53:32.903272+010020522481A Network Trojan was detected192.168.2.55022492.255.85.369000TCP
                    2025-02-18T08:53:33.721939+010020522481A Network Trojan was detected192.168.2.55022592.255.85.369000TCP
                    2025-02-18T08:53:34.525517+010020522481A Network Trojan was detected192.168.2.55022692.255.85.369000TCP
                    2025-02-18T08:53:35.347228+010020522481A Network Trojan was detected192.168.2.55022792.255.85.369000TCP
                    2025-02-18T08:53:36.168269+010020522481A Network Trojan was detected192.168.2.55022892.255.85.369000TCP
                    2025-02-18T08:53:36.986957+010020522481A Network Trojan was detected192.168.2.55022992.255.85.369000TCP
                    2025-02-18T08:53:37.790046+010020522481A Network Trojan was detected192.168.2.55023092.255.85.369000TCP
                    2025-02-18T08:53:38.605615+010020522481A Network Trojan was detected192.168.2.55023192.255.85.369000TCP
                    2025-02-18T08:53:39.406191+010020522481A Network Trojan was detected192.168.2.55023292.255.85.369000TCP
                    2025-02-18T08:53:40.236453+010020522481A Network Trojan was detected192.168.2.55023392.255.85.369000TCP
                    2025-02-18T08:53:41.046411+010020522481A Network Trojan was detected192.168.2.55023492.255.85.369000TCP
                    2025-02-18T08:53:41.888415+010020522481A Network Trojan was detected192.168.2.55023592.255.85.369000TCP
                    2025-02-18T08:53:42.724871+010020522481A Network Trojan was detected192.168.2.55023692.255.85.369000TCP
                    2025-02-18T08:53:43.524978+010020522481A Network Trojan was detected192.168.2.55023792.255.85.369000TCP
                    2025-02-18T08:53:44.331187+010020522481A Network Trojan was detected192.168.2.55023892.255.85.369000TCP
                    2025-02-18T08:53:45.149314+010020522481A Network Trojan was detected192.168.2.55023992.255.85.369000TCP
                    2025-02-18T08:53:45.964836+010020522481A Network Trojan was detected192.168.2.55024092.255.85.369000TCP
                    2025-02-18T08:53:46.801279+010020522481A Network Trojan was detected192.168.2.55024192.255.85.369000TCP
                    2025-02-18T08:53:47.610084+010020522481A Network Trojan was detected192.168.2.55024292.255.85.369000TCP
                    2025-02-18T08:53:48.418235+010020522481A Network Trojan was detected192.168.2.55024392.255.85.369000TCP
                    2025-02-18T08:53:49.228169+010020522481A Network Trojan was detected192.168.2.55024492.255.85.369000TCP
                    2025-02-18T08:53:50.035974+010020522481A Network Trojan was detected192.168.2.55024592.255.85.369000TCP
                    2025-02-18T08:53:50.853226+010020522481A Network Trojan was detected192.168.2.55024692.255.85.369000TCP
                    2025-02-18T08:53:51.654679+010020522481A Network Trojan was detected192.168.2.55024792.255.85.369000TCP
                    2025-02-18T08:53:52.473898+010020522481A Network Trojan was detected192.168.2.55024892.255.85.369000TCP
                    2025-02-18T08:53:53.291706+010020522481A Network Trojan was detected192.168.2.55024992.255.85.369000TCP
                    2025-02-18T08:53:54.109952+010020522481A Network Trojan was detected192.168.2.55025092.255.85.369000TCP
                    2025-02-18T08:53:54.937280+010020522481A Network Trojan was detected192.168.2.55025192.255.85.369000TCP
                    2025-02-18T08:53:55.739796+010020522481A Network Trojan was detected192.168.2.55025292.255.85.369000TCP
                    2025-02-18T08:53:56.566732+010020522481A Network Trojan was detected192.168.2.55025392.255.85.369000TCP
                    2025-02-18T08:53:57.365707+010020522481A Network Trojan was detected192.168.2.55025492.255.85.369000TCP
                    2025-02-18T08:53:58.180945+010020522481A Network Trojan was detected192.168.2.55025592.255.85.369000TCP
                    2025-02-18T08:53:58.975743+010020522481A Network Trojan was detected192.168.2.55025692.255.85.369000TCP
                    2025-02-18T08:53:59.774767+010020522481A Network Trojan was detected192.168.2.55025792.255.85.369000TCP
                    2025-02-18T08:54:00.695333+010020522481A Network Trojan was detected192.168.2.55025892.255.85.369000TCP
                    2025-02-18T08:54:01.497891+010020522481A Network Trojan was detected192.168.2.55025992.255.85.369000TCP
                    2025-02-18T08:54:02.321277+010020522481A Network Trojan was detected192.168.2.55026092.255.85.369000TCP
                    2025-02-18T08:54:03.164797+010020522481A Network Trojan was detected192.168.2.55026192.255.85.369000TCP
                    2025-02-18T08:54:03.970082+010020522481A Network Trojan was detected192.168.2.55026292.255.85.369000TCP
                    2025-02-18T08:54:04.774938+010020522481A Network Trojan was detected192.168.2.55026392.255.85.369000TCP
                    2025-02-18T08:54:05.700185+010020522481A Network Trojan was detected192.168.2.55026492.255.85.369000TCP
                    2025-02-18T08:54:06.497280+010020522481A Network Trojan was detected192.168.2.55026592.255.85.369000TCP
                    2025-02-18T08:54:07.415423+010020522481A Network Trojan was detected192.168.2.55026692.255.85.369000TCP
                    2025-02-18T08:54:08.207520+010020522481A Network Trojan was detected192.168.2.55026792.255.85.369000TCP
                    2025-02-18T08:54:09.004247+010020522481A Network Trojan was detected192.168.2.55026992.255.85.369000TCP
                    2025-02-18T08:54:09.806913+010020522481A Network Trojan was detected192.168.2.55027092.255.85.369000TCP
                    2025-02-18T08:54:10.611649+010020522481A Network Trojan was detected192.168.2.55027192.255.85.369000TCP
                    2025-02-18T08:54:11.416017+010020522481A Network Trojan was detected192.168.2.55027292.255.85.369000TCP
                    2025-02-18T08:54:12.206896+010020522481A Network Trojan was detected192.168.2.55027392.255.85.369000TCP
                    2025-02-18T08:54:13.018601+010020522481A Network Trojan was detected192.168.2.55027492.255.85.369000TCP
                    2025-02-18T08:54:13.816770+010020522481A Network Trojan was detected192.168.2.55027592.255.85.369000TCP
                    2025-02-18T08:54:14.713513+010020522481A Network Trojan was detected192.168.2.55027692.255.85.369000TCP
                    2025-02-18T08:54:15.505418+010020522481A Network Trojan was detected192.168.2.55027792.255.85.369000TCP
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol


                    AV Detection

                    Source: 0Hw4Pw6xRd.exe, Avira: detected
                    Source: 0Hw4Pw6xRd.exe, Virustotal: Detection: 80%
                    Source: 0Hw4Pw6xRd.exe, ReversingLabs: Detection: 64%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 0_2_06E82B20 CryptUnprotectData, 0_2_06E82B20
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 0_2_06E82B18 CryptUnprotectData, 0_2_06E82B18
                    Source: 0Hw4Pw6xRd.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then jmp 06E7A884h, 0_2_06E7A256
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then jmp 06E78666h, 0_2_06E7854F
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then jmp 06E78666h, 0_2_06E78550
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then jmp 06E7A884h, 0_2_06E7A860
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then jmp 07EEC7D2h, 0_2_07EEBAE8
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then mov eax, dword ptr [ebp-60h], 0_2_07EEBAE8
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then jmp 07EECE45h, 0_2_07EEBAE8
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then jmp 07EE74E1h, 0_2_07EE7048
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe, Code function: 4x nop then jmp 07EEA979h, 0_2_07EEA961

                    Networking

                    Source: Network traffic, Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49705 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49944 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49956 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49950 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49797 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49974 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49888 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49857 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49962 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49968 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49994 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49987 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50016 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50023 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49999 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50031 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49981 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50041 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50037 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50040 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50039 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50042 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50013 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50043 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50045 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50046 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50048 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50047 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50044 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50049 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50051 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50050 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50052 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50053 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50055 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50054 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50057 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50058 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50059 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50061 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50062 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50066 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50006 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50065 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50068 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50060 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50067 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50071 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50072 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50064 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50073 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50075 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50069 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50076 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50077 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50078 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50079 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50080 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50081 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50082 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50083 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50084 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50086 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50087 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50088 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50089 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50090 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50091 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50092 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50093 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50094 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50095 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50096 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50097 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50098 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50099 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50085 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50101 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50100 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50102 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50103 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50104 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50105 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50106 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50107 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50108 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50109 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50110 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50111 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50112 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50114 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50113 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50115 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50116 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50117 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50118 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50119 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50121 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50120 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50123 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50124 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50125 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50126 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50127 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50128 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50129 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50130 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50131 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50132 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50133 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50134 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50135 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50136 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50137 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50138 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50139 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50140 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50141 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50142 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50143 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50144 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50145 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50146 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50147 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50148 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50149 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50150 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50151 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50152 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50153 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50154 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50155 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50156 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50157 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50158 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50159 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50161 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50162 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50163 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50160 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50165 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50166 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50167 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50169 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50170 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50171 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50172 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50174 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50175 -> 92.255.85.36:9000
                    Source: global traffic TCP traffic: 92.255.85.36 ports 9000,1,4,5,7,8,15847
                    Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 9000
                    Source: unknown Network traffic detected: HTTP traffic on port 9000 -> 49705
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50065
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50066
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50067
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50068
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50069
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50071
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50072
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50073
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50075
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50076
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50077
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50078
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50079
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50080
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50081
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50082
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50083
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50084
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50085
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50086
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50087
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50088
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50089
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50090
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50091
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50092
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50093
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50094
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50095
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50096
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50097
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50098
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50099
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50100
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50101
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50102
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50103
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50104
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50105
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50106
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50107 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50107
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50108
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50109
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50110
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50111
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50112
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50113
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50114
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50115 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50115
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50116
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50117
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50118
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50119 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50119
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50120 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50120
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50121
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50123
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50124
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50125 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50125
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50126
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50127 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50127
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50128
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50129
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50130
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50131
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50132 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50132
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50133
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50134
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50135
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50136
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50137
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50138
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50139
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50140
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50141
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50142
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50143
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50144 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50144
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50145
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50146
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50147
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50148
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50149
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50150
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50151
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50152
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50153 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50153
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50154
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50155
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50156
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50157 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50157
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50158
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50159 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50159
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50160
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50161
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50162
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50163 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50163
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50164 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50164
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50165
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50166
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50167
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50169
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50170 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50170
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50171
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50172
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50173
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50174 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50174
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50175
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50176 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50176
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50177
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50178
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50179
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50180
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50181
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50182
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50183
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50184 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50184
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50185
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50186
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50187 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50187
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50188 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50188
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50189
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50190
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50191 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50191
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50192
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50193 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50193
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50194
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50195
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50196 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50196
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50197
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50198
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50199 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50199
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50200
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50201 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50201
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50202 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50202
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50203 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50203
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50204 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50204
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50205
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50207
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50208 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50208
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50209
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50210 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50210
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50211 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50211
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50212 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50212
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50213 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50213
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50214 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50214
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50215 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50215
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50216 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50216
                    Source: global traffic TCP traffic: 192.168.2.5:49704 -> 92.255.85.36:15847
                    Source: global traffic HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1 Host: 92.255.85.36:9000 Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1 Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: Joe Sandbox View; ASN Name: SOVTEL-ASRU SOVTEL-ASRU
                    Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49717 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49708 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49706 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49744 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49714 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49803 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49737 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49779 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49815 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49767 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49725 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49827 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49864 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49870 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49821 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49876 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49882 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49760 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49950 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49888 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49857 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49968 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49987 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50016 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49999 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50031 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50039 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50045 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50048 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50058 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50061 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50062 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50065 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50006 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50071 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50072 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50064 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50069 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50076 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50077 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50078 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50079 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50087 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50089 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50091 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50094 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50098 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50085 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50102 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50104 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50109 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50110 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50111 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50113 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50117 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50119 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50124 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50125 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50132 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50133 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50137 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50138 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50140 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50147 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50148 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50149 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50153 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50155 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50158 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50159 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50161 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50160 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50163 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50165 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50167 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50170 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50171 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50174 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50178 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50181 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50184 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50185 -> 92.255.85.36:9000
                    Source: unknown TCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: global traffic HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1 Host: 92.255.85.36:9000 Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1 Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 92.255.85.36:9000
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002C24000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://92.255.85.36:9000
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002C24000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://92.255.85.36:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002B31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002B31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002B31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pastebin.com/raw/DWCCqGB0
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4536563768.0000000003C50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    System Summary

                    Source: 0Hw4Pw6xRd.exe, type: SAMPLE Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                    Source: 0.0.0Hw4Pw6xRd.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Process Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_06E8F9220_2_06E8F922
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_06E8F9240_2_06E8F924
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_0776BAE60_2_0776BAE6
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_0776B0080_2_0776B008
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07761AF40_2_07761AF4
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE99C80_2_07EE99C8
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE81A80_2_07EE81A8
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE75100_2_07EE7510
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EEBAE80_2_07EEBAE8
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EECED00_2_07EECED0
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE66600_2_07EE6660
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EEAC480_2_07EEAC48
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE13F80_2_07EE13F8
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE81980_2_07EE8198
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EEBAD70_2_07EEBAD7
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE20A80_2_07EE20A8
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE20A00_2_07EE20A0
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE0A800_2_07EE0A80
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE209C0_2_07EE209C
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE20980_2_07EE2098
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EEF2900_2_07EEF290
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE36600_2_07EE3660
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE00400_2_07EE0040
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE36580_2_07EE3658
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE36550_2_07EE3655
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE36500_2_07EE3650
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EE66510_2_07EE6651
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EEAC370_2_07EEAC37
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_07EEE8000_2_07EEE800
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeCode function: 0_2_06CCDA080_2_06CCDA08
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4539848108.0000000007129000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs 0Hw4Pw6xRd.exe
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002B31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs 0Hw4Pw6xRd.exe
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4531574440.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs 0Hw4Pw6xRd.exe
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000000.2076351911.0000000000810000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenametttrgggrrrt.exe" vs 0Hw4Pw6xRd.exe
                    Source: 0Hw4Pw6xRd.exe Binary or memory string: OriginalFilenametttrgggrrrt.exe" vs 0Hw4Pw6xRd.exe
                    Source: 0Hw4Pw6xRd.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0Hw4Pw6xRd.exe, type: SAMPLE Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                    Source: 0.0.0Hw4Pw6xRd.exe.750000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/36@0/1
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe File created: C:\Users\user\AppData\Local\Yandex
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Mutant created: NULL
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Mutant created: \Sessions\1\BaseNamedObjects\5c8947d1385c4e608aa7a0853c65418d
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe File created: C:\Users\user\AppData\Local\Temp\tmp9D26.tmp
                    Source: 0Hw4Pw6xRd.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0Hw4Pw6xRd.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002EF9000.00000004.00000800.00020000.00000000.sdmp, 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.0000000002F1E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: 0Hw4Pw6xRd.exe Virustotal: Detection: 80%
                    Source: 0Hw4Pw6xRd.exe ReversingLabs: Detection: 64%
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: secur32.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: ntmarta.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: dpapi.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: rasapi32.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: rasman.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: rtutils.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                    Source: 0Hw4Pw6xRd.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Code function: 0_2_06CCC092 push esp; ret 0_2_06CCC099
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Code function: 0_2_06E772F5 push E871h; retf 0_2_06E772F9
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Code function: 0_2_06E7710A pushfd ; ret 0_2_06E77110
                    Source: 0Hw4Pw6xRd.exe Static PE information: section name: .text entropy: 6.939591378361454

                    Hooking and other Techniques for Hiding and Protection

                    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49705
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49707
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49710
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49711
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49712
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49713
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49714
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49715
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49716
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49717
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49719
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49725
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49744
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49752
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49760
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49767
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49773
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49779
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49785
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49791
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49797
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49803
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49809
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49815
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49821
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49827
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49833
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49839
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49845
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49851
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49857
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49864
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49870
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49876
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49882
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49888
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49914
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49920
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49926
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49932
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49938
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49944
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49950
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49956
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49962
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49968
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49974
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49981
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49987
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49994
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49999
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50006
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50013
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50016
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50023
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50031
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50037
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50039
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50040
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50041
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50042
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50043
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50044
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50045
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50046
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50047
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50048
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50049
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50050
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50051
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50052
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50053
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50054
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50055
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50057
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50058
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50059
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50060
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 9000
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Memory allocated: 2950000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Memory allocated: 2B30000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Memory allocated: 4B30000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Window / User API: threadDelayed 2822
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Window / User API: threadDelayed 6711
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 2804 Thread sleep time: -32281802128991695s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 2804 Thread sleep time: -420000s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -36600s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 2804 Thread sleep time: -59875s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -38741s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 2804 Thread sleep time: -59765s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -43173s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 2804 Thread sleep time: -59656s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -40683s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 2804 Thread sleep time: -59546s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -55751s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 2804 Thread sleep time: -59430s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -35985s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 2804 Thread sleep time: -59328s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -32183s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -48039s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -33451s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -55240s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -45040s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -46226s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -56137s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 4028 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 5720 Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -33150s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -32428s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -44551s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -52451s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 1048 Thread sleep time: -1800000s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -44592s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -37370s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -52446s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -41197s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -34569s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -59675s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -50173s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -33248s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -41890s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe TID: 6552 Thread sleep time: -50315s >= -30000s
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 60000
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 36600
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 59875
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 38741
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 59765
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 43173
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 59656
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 40683
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 59546
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 55751
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 59430
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 35985
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 59328
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 32183
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 48039
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 33451
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 55240
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 45040
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 46226
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 56137
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 30000
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 60000
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 33150
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 32428
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 44551
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 52451
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 44592
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 37370
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 52446
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 41197
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 34569
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 59675
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 50173
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 33248
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 41890
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Thread delayed: delay time: 50315
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696428655t
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696428655j
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4531574440.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696428655f
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696428655s
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696428655o
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696428655x
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4533211774.000000000312E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Users\user\Desktop\0Hw4Pw6xRd.exe VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: 0Hw4Pw6xRd.exe, 00000000.00000002.4538252246.0000000006102000.00000004.00000020.00020000.00000000.sdmp, 0Hw4Pw6xRd.exe, 00000000.00000002.4538252246.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, 0Hw4Pw6xRd.exe, 00000000.00000002.4538252246.0000000006149000.00000004.00000020.00020000.00000000.sdmp, 0Hw4Pw6xRd.exe, 00000000.00000002.4538252246.0000000006157000.00000004.00000020.00020000.00000000.sdmp, 0Hw4Pw6xRd.exe, 00000000.00000002.4531574440.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    Source: Yara match | File source: 0Hw4Pw6xRd.exe, type: SAMPLE
                    Source: Yara match | File source: 0.0.0Hw4Pw6xRd.exe.750000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000000.2076261192.0000000000752000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: 0Hw4Pw6xRd.exe PID: 6532, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Users\user\Desktop\0Hw4Pw6xRd.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\

                    Remote Access Functionality

                    Source: Yara match | File source: 0Hw4Pw6xRd.exe, type: SAMPLE
                    Source: Yara match | File source: 0.0.0Hw4Pw6xRd.exe.750000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000000.2076261192.0000000000752000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: 0Hw4Pw6xRd.exe PID: 6532, type: MEMORYSTR

                    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                    Execution: Windows Management Instrumentation (221); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
                    Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                    Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                    Defense Evasion: Masquerading (1); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (241); Obfuscated Files or Information (3); Software Packing (1); DLL Side-Loading (1)
                    Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                    Discovery: Security Software Discovery (231); Process Discovery (1); Virtualization/Sandbox Evasion (241); Application Window Discovery (1); System Information Discovery (113); Wi-Fi Discovery
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                    Collection: Archive Collected Data (1); Data from Local System (2); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
                    Command and Control: Encrypted Channel (2); Non-Standard Port (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (1); Application Layer Protocol (1); Multiband Communication
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
