Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
aLS3xiFr39.exe

Overview

General Information

Sample name:aLS3xiFr39.exe
renamed because original name is a hash value
Original sample name:ac5d46a0ed28d976e5ce100e4c74cc4c5d176d85d531752728b19adf16db97b8.exe
Analysis ID:1617793
MD5:801ed561da1b01366f4636e845b52194
SHA1:1c591158b3459f279516cf57f42c7875c3548fd9
SHA256:ac5d46a0ed28d976e5ce100e4c74cc4c5d176d85d531752728b19adf16db97b8
Tags:92-255-85-36exeuser-JAMESWT_MHT
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
Connects to many ports of the same IP (likely port scanning)
Joe Sandbox ML detected suspicious sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Uses known network protocols on non-standard ports
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • aLS3xiFr39.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\aLS3xiFr39.exe" MD5: 801ED561DA1B01366F4636E845B52194)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
aLS3xiFr39.exeJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    aLS3xiFr39.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      aLS3xiFr39.exeMALWARE_Win_Arechclient2Detects Arechclient2 RATditekSHen
      • 0xb5026:$s14: keybd_event
      • 0xbbf88:$v1_1: grabber@
      • 0xb5be2:$v1_2: <BrowserProfile>k__
      • 0xb666f:$v1_3: <SystemHardwares>k__
      • 0xb672e:$v1_5: <ScannedWallets>k__
      • 0xb67be:$v1_6: <DicrFiles>k__
      • 0xb679a:$v1_7: <MessageClientFiles>k__
      • 0xb6b64:$v1_8: <ScanBrowsers>k__BackingField
      • 0xb6bb6:$v1_8: <ScanWallets>k__BackingField
      • 0xb6bd3:$v1_8: <ScanScreen>k__BackingField
      • 0xb6c0d:$v1_8: <ScanVPN>k__BackingField
      • 0xa8542:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
      • 0xa7e4e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.1694994602.0000000000DE2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000000.00000000.1694994602.0000000000DE2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          Process Memory Space: aLS3xiFr39.exe PID: 7416JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Process Memory Space: aLS3xiFr39.exe PID: 7416JoeSecurity_RedLineYara detected RedLine StealerJoe Security

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.0.aLS3xiFr39.exe.de0000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                0.0.aLS3xiFr39.exe.de0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.0.aLS3xiFr39.exe.de0000.0.unpackMALWARE_Win_Arechclient2Detects Arechclient2 RATditekSHen
                  • 0xb5026:$s14: keybd_event
                  • 0xbbf88:$v1_1: grabber@
                  • 0xb5be2:$v1_2: <BrowserProfile>k__
                  • 0xb666f:$v1_3: <SystemHardwares>k__
                  • 0xb672e:$v1_5: <ScannedWallets>k__
                  • 0xb67be:$v1_6: <DicrFiles>k__
                  • 0xb679a:$v1_7: <MessageClientFiles>k__
                  • 0xb6b64:$v1_8: <ScanBrowsers>k__BackingField
                  • 0xb6bb6:$v1_8: <ScanWallets>k__BackingField
                  • 0xb6bd3:$v1_8: <ScanScreen>k__BackingField
                  • 0xb6c0d:$v1_8: <ScanVPN>k__BackingField
                  • 0xa8542:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
                  • 0xa7e4e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-02-18T08:57:00.258863+010020522481A Network Trojan was detected192.168.2.46191092.255.85.369000TCP
                  2025-02-18T08:57:01.196266+010020522481A Network Trojan was detected192.168.2.46191692.255.85.369000TCP
                  2025-02-18T08:57:02.011349+010020522481A Network Trojan was detected192.168.2.46192292.255.85.369000TCP
                  2025-02-18T08:57:02.823551+010020522481A Network Trojan was detected192.168.2.46192892.255.85.369000TCP
                  2025-02-18T08:57:03.665151+010020522481A Network Trojan was detected192.168.2.46193092.255.85.369000TCP
                  2025-02-18T08:57:04.460213+010020522481A Network Trojan was detected192.168.2.46193592.255.85.369000TCP
                  2025-02-18T08:57:05.287206+010020522481A Network Trojan was detected192.168.2.46194192.255.85.369000TCP
                  2025-02-18T08:57:06.144285+010020522481A Network Trojan was detected192.168.2.46194792.255.85.369000TCP
                  2025-02-18T08:57:06.946397+010020522481A Network Trojan was detected192.168.2.46195392.255.85.369000TCP
                  2025-02-18T08:57:07.769705+010020522481A Network Trojan was detected192.168.2.46195992.255.85.369000TCP
                  2025-02-18T08:57:08.580514+010020522481A Network Trojan was detected192.168.2.46197092.255.85.369000TCP
                  2025-02-18T08:57:09.392190+010020522481A Network Trojan was detected192.168.2.46197692.255.85.369000TCP
                  2025-02-18T08:57:10.196127+010020522481A Network Trojan was detected192.168.2.46198292.255.85.369000TCP
                  2025-02-18T08:57:10.998494+010020522481A Network Trojan was detected192.168.2.46198392.255.85.369000TCP
                  2025-02-18T08:57:11.813729+010020522481A Network Trojan was detected192.168.2.46198992.255.85.369000TCP
                  2025-02-18T08:57:12.644143+010020522481A Network Trojan was detected192.168.2.46199592.255.85.369000TCP
                  2025-02-18T08:57:13.464602+010020522481A Network Trojan was detected192.168.2.46200392.255.85.369000TCP
                  2025-02-18T08:57:14.275283+010020522481A Network Trojan was detected192.168.2.46201192.255.85.369000TCP
                  2025-02-18T08:57:15.076647+010020522481A Network Trojan was detected192.168.2.46201792.255.85.369000TCP
                  2025-02-18T08:57:15.887426+010020522481A Network Trojan was detected192.168.2.46201992.255.85.369000TCP
                  2025-02-18T08:57:16.712362+010020522481A Network Trojan was detected192.168.2.46202592.255.85.369000TCP
                  2025-02-18T08:57:17.525433+010020522481A Network Trojan was detected192.168.2.46203192.255.85.369000TCP
                  2025-02-18T08:57:18.330000+010020522481A Network Trojan was detected192.168.2.46203792.255.85.369000TCP
                  2025-02-18T08:57:19.134548+010020522481A Network Trojan was detected192.168.2.46204492.255.85.369000TCP
                  2025-02-18T08:57:19.941929+010020522481A Network Trojan was detected192.168.2.46205192.255.85.369000TCP
                  2025-02-18T08:57:20.745422+010020522481A Network Trojan was detected192.168.2.46205892.255.85.369000TCP
                  2025-02-18T08:57:21.557135+010020522481A Network Trojan was detected192.168.2.46206192.255.85.369000TCP
                  2025-02-18T08:57:22.351733+010020522481A Network Trojan was detected192.168.2.46206392.255.85.369000TCP
                  2025-02-18T08:57:23.156000+010020522481A Network Trojan was detected192.168.2.46206492.255.85.369000TCP
                  2025-02-18T08:57:23.999154+010020522481A Network Trojan was detected192.168.2.46206592.255.85.369000TCP
                  2025-02-18T08:57:24.824506+010020522481A Network Trojan was detected192.168.2.46206692.255.85.369000TCP
                  2025-02-18T08:57:26.619792+010020522481A Network Trojan was detected192.168.2.46206792.255.85.369000TCP
                  2025-02-18T08:57:28.395869+010020522481A Network Trojan was detected192.168.2.46206992.255.85.369000TCP
                  2025-02-18T08:57:29.225428+010020522481A Network Trojan was detected192.168.2.46207192.255.85.369000TCP
                  2025-02-18T08:57:30.028233+010020522481A Network Trojan was detected192.168.2.46207292.255.85.369000TCP
                  2025-02-18T08:57:30.819707+010020522481A Network Trojan was detected192.168.2.46207392.255.85.369000TCP
                  2025-02-18T08:57:31.627269+010020522481A Network Trojan was detected192.168.2.46207492.255.85.369000TCP
                  2025-02-18T08:57:32.450722+010020522481A Network Trojan was detected192.168.2.46207592.255.85.369000TCP
                  2025-02-18T08:57:33.358202+010020522481A Network Trojan was detected192.168.2.46207692.255.85.369000TCP
                  2025-02-18T08:57:34.167155+010020522481A Network Trojan was detected192.168.2.46207792.255.85.369000TCP
                  2025-02-18T08:57:34.968952+010020522481A Network Trojan was detected192.168.2.46207892.255.85.369000TCP
                  2025-02-18T08:57:35.768416+010020522481A Network Trojan was detected192.168.2.46207992.255.85.369000TCP
                  2025-02-18T08:57:36.589011+010020522481A Network Trojan was detected192.168.2.46208092.255.85.369000TCP
                  2025-02-18T08:57:37.423269+010020522481A Network Trojan was detected192.168.2.46208192.255.85.369000TCP
                  2025-02-18T08:57:38.252051+010020522481A Network Trojan was detected192.168.2.46208292.255.85.369000TCP
                  2025-02-18T08:57:39.066711+010020522481A Network Trojan was detected192.168.2.46208392.255.85.369000TCP
                  2025-02-18T08:57:39.888841+010020522481A Network Trojan was detected192.168.2.46208492.255.85.369000TCP
                  2025-02-18T08:57:40.692074+010020522481A Network Trojan was detected192.168.2.46208592.255.85.369000TCP
                  2025-02-18T08:57:41.493416+010020522481A Network Trojan was detected192.168.2.46208692.255.85.369000TCP
                  2025-02-18T08:57:42.318689+010020522481A Network Trojan was detected192.168.2.46208792.255.85.369000TCP
                  2025-02-18T08:57:43.125327+010020522481A Network Trojan was detected192.168.2.46208892.255.85.369000TCP
                  2025-02-18T08:57:43.949211+010020522481A Network Trojan was detected192.168.2.46208992.255.85.369000TCP
                  2025-02-18T08:57:44.759264+010020522481A Network Trojan was detected192.168.2.46209092.255.85.369000TCP
                  2025-02-18T08:57:45.565637+010020522481A Network Trojan was detected192.168.2.46209192.255.85.369000TCP
                  2025-02-18T08:57:46.368417+010020522481A Network Trojan was detected192.168.2.46209292.255.85.369000TCP
                  2025-02-18T08:57:47.167106+010020522481A Network Trojan was detected192.168.2.46209392.255.85.369000TCP
                  2025-02-18T08:57:47.962532+010020522481A Network Trojan was detected192.168.2.46209492.255.85.369000TCP
                  2025-02-18T08:57:48.759804+010020522481A Network Trojan was detected192.168.2.46209592.255.85.369000TCP
                  2025-02-18T08:57:49.555200+010020522481A Network Trojan was detected192.168.2.46209692.255.85.369000TCP
                  2025-02-18T08:57:50.354526+010020522481A Network Trojan was detected192.168.2.46209792.255.85.369000TCP
                  2025-02-18T08:57:51.154379+010020522481A Network Trojan was detected192.168.2.46209892.255.85.369000TCP
                  2025-02-18T08:57:51.968237+010020522481A Network Trojan was detected192.168.2.46209992.255.85.369000TCP
                  2025-02-18T08:57:52.759596+010020522481A Network Trojan was detected192.168.2.46210092.255.85.369000TCP
                  2025-02-18T08:57:53.556719+010020522481A Network Trojan was detected192.168.2.46210192.255.85.369000TCP
                  2025-02-18T08:57:54.373391+010020522481A Network Trojan was detected192.168.2.46210292.255.85.369000TCP
                  2025-02-18T08:57:55.173664+010020522481A Network Trojan was detected192.168.2.46210392.255.85.369000TCP
                  2025-02-18T08:57:55.998182+010020522481A Network Trojan was detected192.168.2.46210492.255.85.369000TCP
                  2025-02-18T08:57:56.819280+010020522481A Network Trojan was detected192.168.2.46210592.255.85.369000TCP
                  2025-02-18T08:57:57.637623+010020522481A Network Trojan was detected192.168.2.46210692.255.85.369000TCP
                  2025-02-18T08:57:58.434765+010020522481A Network Trojan was detected192.168.2.46210792.255.85.369000TCP
                  2025-02-18T08:57:59.244931+010020522481A Network Trojan was detected192.168.2.46210892.255.85.369000TCP
                  2025-02-18T08:58:00.069265+010020522481A Network Trojan was detected192.168.2.46210992.255.85.369000TCP
                  2025-02-18T08:58:00.891809+010020522481A Network Trojan was detected192.168.2.46211092.255.85.369000TCP
                  2025-02-18T08:58:01.736757+010020522481A Network Trojan was detected192.168.2.46211192.255.85.369000TCP
                  2025-02-18T08:58:02.544999+010020522481A Network Trojan was detected192.168.2.46211292.255.85.369000TCP
                  2025-02-18T08:58:03.368837+010020522481A Network Trojan was detected192.168.2.46211392.255.85.369000TCP
                  2025-02-18T08:58:04.174578+010020522481A Network Trojan was detected192.168.2.46211492.255.85.369000TCP
                  2025-02-18T08:58:04.979699+010020522481A Network Trojan was detected192.168.2.46211592.255.85.369000TCP
                  2025-02-18T08:58:05.784825+010020522481A Network Trojan was detected192.168.2.46211692.255.85.369000TCP
                  2025-02-18T08:58:06.615239+010020522481A Network Trojan was detected192.168.2.46211792.255.85.369000TCP
                  2025-02-18T08:58:07.417625+010020522481A Network Trojan was detected192.168.2.46211992.255.85.369000TCP
                  2025-02-18T08:58:08.224548+010020522481A Network Trojan was detected192.168.2.46212192.255.85.369000TCP
                  2025-02-18T08:58:09.060287+010020522481A Network Trojan was detected192.168.2.46212292.255.85.369000TCP
                  2025-02-18T08:58:09.861753+010020522481A Network Trojan was detected192.168.2.46212492.255.85.369000TCP
                  2025-02-18T08:58:10.840363+010020522481A Network Trojan was detected192.168.2.46212592.255.85.369000TCP
                  2025-02-18T08:58:11.673566+010020522481A Network Trojan was detected192.168.2.46212992.255.85.369000TCP
                  2025-02-18T08:58:12.699867+010020522481A Network Trojan was detected192.168.2.46213192.255.85.369000TCP
                  2025-02-18T08:58:13.492032+010020522481A Network Trojan was detected192.168.2.46213392.255.85.369000TCP
                  2025-02-18T08:58:14.314518+010020522481A Network Trojan was detected192.168.2.46213792.255.85.369000TCP
                  2025-02-18T08:58:15.121354+010020522481A Network Trojan was detected192.168.2.46213892.255.85.369000TCP
                  2025-02-18T08:58:15.921891+010020522481A Network Trojan was detected192.168.2.46214192.255.85.369000TCP
                  2025-02-18T08:58:16.711872+010020522481A Network Trojan was detected192.168.2.46214292.255.85.369000TCP
                  2025-02-18T08:58:17.509346+010020522481A Network Trojan was detected192.168.2.46214392.255.85.369000TCP
                  2025-02-18T08:58:18.326443+010020522481A Network Trojan was detected192.168.2.46214592.255.85.369000TCP
                  2025-02-18T08:58:19.114450+010020522481A Network Trojan was detected192.168.2.46214892.255.85.369000TCP
                  2025-02-18T08:58:19.914083+010020522481A Network Trojan was detected192.168.2.46214992.255.85.369000TCP
                  2025-02-18T08:58:20.710976+010020522481A Network Trojan was detected192.168.2.46215092.255.85.369000TCP
                  2025-02-18T08:58:21.508726+010020522481A Network Trojan was detected192.168.2.46215192.255.85.369000TCP
                  2025-02-18T08:58:22.463529+010020522481A Network Trojan was detected192.168.2.46215292.255.85.369000TCP
                  2025-02-18T08:58:23.285991+010020522481A Network Trojan was detected192.168.2.46215592.255.85.369000TCP
                  2025-02-18T08:58:24.095677+010020522481A Network Trojan was detected192.168.2.46215792.255.85.369000TCP
                  2025-02-18T08:58:24.902318+010020522481A Network Trojan was detected192.168.2.46215992.255.85.369000TCP
                  2025-02-18T08:58:25.695917+010020522481A Network Trojan was detected192.168.2.46216592.255.85.369000TCP
                  2025-02-18T08:58:26.512486+010020522481A Network Trojan was detected192.168.2.46216792.255.85.369000TCP
                  2025-02-18T08:58:27.479237+010020522481A Network Trojan was detected192.168.2.46217092.255.85.369000TCP
                  2025-02-18T08:58:28.302228+010020522481A Network Trojan was detected192.168.2.46217292.255.85.369000TCP
                  2025-02-18T08:58:29.124545+010020522481A Network Trojan was detected192.168.2.46217392.255.85.369000TCP
                  2025-02-18T08:58:29.920927+010020522481A Network Trojan was detected192.168.2.46217492.255.85.369000TCP
                  2025-02-18T08:58:30.712898+010020522481A Network Trojan was detected192.168.2.46217892.255.85.369000TCP
                  2025-02-18T08:58:31.520242+010020522481A Network Trojan was detected192.168.2.46218092.255.85.369000TCP
                  2025-02-18T08:58:32.328949+010020522481A Network Trojan was detected192.168.2.46218392.255.85.369000TCP
                  2025-02-18T08:58:33.264053+010020522481A Network Trojan was detected192.168.2.46218892.255.85.369000TCP
                  2025-02-18T08:58:34.088950+010020522481A Network Trojan was detected192.168.2.46218992.255.85.369000TCP
                  2025-02-18T08:58:34.917921+010020522481A Network Trojan was detected192.168.2.46219392.255.85.369000TCP
                  2025-02-18T08:58:35.716277+010020522481A Network Trojan was detected192.168.2.46219592.255.85.369000TCP
                  2025-02-18T08:58:36.508738+010020522481A Network Trojan was detected192.168.2.46219692.255.85.369000TCP
                  2025-02-18T08:58:37.305760+010020522481A Network Trojan was detected192.168.2.46219992.255.85.369000TCP
                  2025-02-18T08:58:38.229452+010020522481A Network Trojan was detected192.168.2.46220392.255.85.369000TCP
                  2025-02-18T08:58:39.081595+010020522481A Network Trojan was detected192.168.2.46220592.255.85.369000TCP
                  2025-02-18T08:58:40.076571+010020522481A Network Trojan was detected192.168.2.46220992.255.85.369000TCP
                  2025-02-18T08:58:40.897142+010020522481A Network Trojan was detected192.168.2.46221292.255.85.369000TCP
                  2025-02-18T08:58:41.703048+010020522481A Network Trojan was detected192.168.2.46221592.255.85.369000TCP
                  2025-02-18T08:58:43.528909+010020522481A Network Trojan was detected192.168.2.46221692.255.85.369000TCP
                  2025-02-18T08:58:44.469403+010020522481A Network Trojan was detected192.168.2.46222592.255.85.369000TCP
                  2025-02-18T08:58:45.275129+010020522481A Network Trojan was detected192.168.2.46222792.255.85.369000TCP
                  2025-02-18T08:58:46.094023+010020522481A Network Trojan was detected192.168.2.46222992.255.85.369000TCP
                  2025-02-18T08:58:46.903149+010020522481A Network Trojan was detected192.168.2.46223092.255.85.369000TCP
                  2025-02-18T08:58:47.742012+010020522481A Network Trojan was detected192.168.2.46223392.255.85.369000TCP
                  2025-02-18T08:58:48.558247+010020522481A Network Trojan was detected192.168.2.46223492.255.85.369000TCP
                  2025-02-18T08:58:49.351047+010020522481A Network Trojan was detected192.168.2.46223692.255.85.369000TCP
                  2025-02-18T08:58:50.155869+010020522481A Network Trojan was detected192.168.2.46223992.255.85.369000TCP
                  2025-02-18T08:58:50.961704+010020522481A Network Trojan was detected192.168.2.46224092.255.85.369000TCP
                  2025-02-18T08:58:51.869332+010020522481A Network Trojan was detected192.168.2.46224292.255.85.369000TCP
                  2025-02-18T08:58:52.663549+010020522481A Network Trojan was detected192.168.2.46224492.255.85.369000TCP
                  2025-02-18T08:58:53.485339+010020522481A Network Trojan was detected192.168.2.46224692.255.85.369000TCP
                  2025-02-18T08:58:54.303236+010020522481A Network Trojan was detected192.168.2.46224992.255.85.369000TCP
                  2025-02-18T08:58:55.133585+010020522481A Network Trojan was detected192.168.2.46225192.255.85.369000TCP
                  2025-02-18T08:58:55.946627+010020522481A Network Trojan was detected192.168.2.46225292.255.85.369000TCP
                  2025-02-18T08:58:56.751882+010020522481A Network Trojan was detected192.168.2.46225492.255.85.369000TCP
                  2025-02-18T08:58:57.562138+010020522481A Network Trojan was detected192.168.2.46225992.255.85.369000TCP
                  2025-02-18T08:58:58.467402+010020522481A Network Trojan was detected192.168.2.46226092.255.85.369000TCP
                  2025-02-18T08:58:59.284029+010020522481A Network Trojan was detected192.168.2.46226192.255.85.369000TCP
                  2025-02-18T08:59:00.091958+010020522481A Network Trojan was detected192.168.2.46226292.255.85.369000TCP
                  2025-02-18T08:59:00.893553+010020522481A Network Trojan was detected192.168.2.46226792.255.85.369000TCP
                  2025-02-18T08:59:01.806792+010020522481A Network Trojan was detected192.168.2.46226992.255.85.369000TCP
                  2025-02-18T08:59:02.630327+010020522481A Network Trojan was detected192.168.2.46227092.255.85.369000TCP
                  2025-02-18T08:59:03.432857+010020522481A Network Trojan was detected192.168.2.46227392.255.85.369000TCP
                  2025-02-18T08:59:04.245259+010020522481A Network Trojan was detected192.168.2.46227492.255.85.369000TCP
                  2025-02-18T08:59:05.049443+010020522481A Network Trojan was detected192.168.2.46227792.255.85.369000TCP
                  2025-02-18T08:59:05.853628+010020522481A Network Trojan was detected192.168.2.46227992.255.85.369000TCP
                  2025-02-18T08:59:06.673060+010020522481A Network Trojan was detected192.168.2.46228092.255.85.369000TCP
                  2025-02-18T08:59:07.476471+010020522481A Network Trojan was detected192.168.2.46228192.255.85.369000TCP
                  2025-02-18T08:59:08.302472+010020522481A Network Trojan was detected192.168.2.46228292.255.85.369000TCP
                  2025-02-18T08:59:09.193214+010020522481A Network Trojan was detected192.168.2.46228392.255.85.369000TCP
                  2025-02-18T08:59:10.004942+010020522481A Network Trojan was detected192.168.2.46228492.255.85.369000TCP
                  2025-02-18T08:59:10.854437+010020522481A Network Trojan was detected192.168.2.46228592.255.85.369000TCP
                  2025-02-18T08:59:11.652111+010020522481A Network Trojan was detected192.168.2.46228692.255.85.369000TCP
                  2025-02-18T08:59:12.461891+010020522481A Network Trojan was detected192.168.2.46228792.255.85.369000TCP
                  2025-02-18T08:59:13.289582+010020522481A Network Trojan was detected192.168.2.46228892.255.85.369000TCP
                  2025-02-18T08:59:14.192785+010020522481A Network Trojan was detected192.168.2.46228992.255.85.369000TCP
                  2025-02-18T08:59:15.013731+010020522481A Network Trojan was detected192.168.2.46229092.255.85.369000TCP
                  2025-02-18T08:59:15.812495+010020522481A Network Trojan was detected192.168.2.46229192.255.85.369000TCP
                  2025-02-18T08:59:16.619759+010020522481A Network Trojan was detected192.168.2.46229292.255.85.369000TCP
                  2025-02-18T08:59:17.420696+010020522481A Network Trojan was detected192.168.2.46229392.255.85.369000TCP
                  2025-02-18T08:59:18.221643+010020522481A Network Trojan was detected192.168.2.46229492.255.85.369000TCP
                  2025-02-18T08:59:19.050892+010020522481A Network Trojan was detected192.168.2.46229592.255.85.369000TCP
                  2025-02-18T08:59:19.862778+010020522481A Network Trojan was detected192.168.2.46229692.255.85.369000TCP
                  2025-02-18T08:59:20.731638+010020522481A Network Trojan was detected192.168.2.46229792.255.85.369000TCP
                  2025-02-18T08:59:21.523130+010020522481A Network Trojan was detected192.168.2.46229892.255.85.369000TCP
                  2025-02-18T08:59:22.350251+010020522481A Network Trojan was detected192.168.2.46229992.255.85.369000TCP
                  2025-02-18T08:59:23.163806+010020522481A Network Trojan was detected192.168.2.46230192.255.85.369000TCP
                  2025-02-18T08:59:23.997605+010020522481A Network Trojan was detected192.168.2.46230292.255.85.369000TCP
                  2025-02-18T08:59:24.798899+010020522481A Network Trojan was detected192.168.2.46230392.255.85.369000TCP
                  2025-02-18T08:59:25.779730+010020522481A Network Trojan was detected192.168.2.46230492.255.85.369000TCP
                  2025-02-18T08:59:26.755783+010020522481A Network Trojan was detected192.168.2.46230592.255.85.369000TCP
                  2025-02-18T08:59:27.565476+010020522481A Network Trojan was detected192.168.2.46230692.255.85.369000TCP
                  2025-02-18T08:59:28.568897+010020522481A Network Trojan was detected192.168.2.46230792.255.85.369000TCP
                  2025-02-18T08:59:29.375469+010020522481A Network Trojan was detected192.168.2.46230892.255.85.369000TCP
                  2025-02-18T08:59:30.185012+010020522481A Network Trojan was detected192.168.2.46230992.255.85.369000TCP
                  2025-02-18T08:59:30.987368+010020522481A Network Trojan was detected192.168.2.46231092.255.85.369000TCP
                  2025-02-18T08:59:31.813437+010020522481A Network Trojan was detected192.168.2.46231192.255.85.369000TCP
                  2025-02-18T08:59:32.637887+010020522481A Network Trojan was detected192.168.2.46231292.255.85.369000TCP
                  2025-02-18T08:59:33.516158+010020522481A Network Trojan was detected192.168.2.46231392.255.85.369000TCP
                  2025-02-18T08:59:34.337595+010020522481A Network Trojan was detected192.168.2.46231492.255.85.369000TCP
                  2025-02-18T08:59:35.135271+010020522481A Network Trojan was detected192.168.2.46231592.255.85.369000TCP
                  2025-02-18T08:59:35.956240+010020522481A Network Trojan was detected192.168.2.46231692.255.85.369000TCP
                  2025-02-18T08:59:36.766373+010020522481A Network Trojan was detected192.168.2.46231792.255.85.369000TCP
                  2025-02-18T08:59:37.602091+010020522481A Network Trojan was detected192.168.2.46231892.255.85.369000TCP
                  2025-02-18T08:59:38.422509+010020522481A Network Trojan was detected192.168.2.46231992.255.85.369000TCP
                  2025-02-18T08:59:39.858267+010020522481A Network Trojan was detected192.168.2.46232092.255.85.369000TCP
                  2025-02-18T08:59:40.678009+010020522481A Network Trojan was detected192.168.2.46232192.255.85.369000TCP
                  2025-02-18T08:59:41.487200+010020522481A Network Trojan was detected192.168.2.46232292.255.85.369000TCP
                  2025-02-18T08:59:42.290791+010020522481A Network Trojan was detected192.168.2.46232392.255.85.369000TCP
                  2025-02-18T08:59:43.088608+010020522481A Network Trojan was detected192.168.2.46232492.255.85.369000TCP
                  2025-02-18T08:59:43.890032+010020522481A Network Trojan was detected192.168.2.46232592.255.85.369000TCP
                  2025-02-18T08:59:44.679769+010020522481A Network Trojan was detected192.168.2.46232692.255.85.369000TCP
                  2025-02-18T08:59:45.528778+010020522481A Network Trojan was detected192.168.2.46232792.255.85.369000TCP
                  2025-02-18T08:59:46.334561+010020522481A Network Trojan was detected192.168.2.46232892.255.85.369000TCP
                  2025-02-18T08:59:47.133286+010020522481A Network Trojan was detected192.168.2.46233092.255.85.369000TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-02-18T08:57:02.823551+010028033053Unknown Traffic192.168.2.46192892.255.85.369000TCP
                  2025-02-18T08:57:03.665151+010028033053Unknown Traffic192.168.2.46193092.255.85.369000TCP
                  2025-02-18T08:57:05.287206+010028033053Unknown Traffic192.168.2.46194192.255.85.369000TCP
                  2025-02-18T08:57:06.144285+010028033053Unknown Traffic192.168.2.46194792.255.85.369000TCP
                  2025-02-18T08:57:06.946397+010028033053Unknown Traffic192.168.2.46195392.255.85.369000TCP
                  2025-02-18T08:57:07.769705+010028033053Unknown Traffic192.168.2.46195992.255.85.369000TCP
                  2025-02-18T08:57:09.392190+010028033053Unknown Traffic192.168.2.46197692.255.85.369000TCP
                  2025-02-18T08:57:10.196127+010028033053Unknown Traffic192.168.2.46198292.255.85.369000TCP
                  2025-02-18T08:57:10.998494+010028033053Unknown Traffic192.168.2.46198392.255.85.369000TCP
                  2025-02-18T08:57:11.813729+010028033053Unknown Traffic192.168.2.46198992.255.85.369000TCP
                  2025-02-18T08:57:12.644143+010028033053Unknown Traffic192.168.2.46199592.255.85.369000TCP
                  2025-02-18T08:57:13.464602+010028033053Unknown Traffic192.168.2.46200392.255.85.369000TCP
                  2025-02-18T08:57:18.330000+010028033053Unknown Traffic192.168.2.46203792.255.85.369000TCP
                  2025-02-18T08:57:19.134548+010028033053Unknown Traffic192.168.2.46204492.255.85.369000TCP
                  2025-02-18T08:57:20.745422+010028033053Unknown Traffic192.168.2.46205892.255.85.369000TCP
                  2025-02-18T08:57:21.557135+010028033053Unknown Traffic192.168.2.46206192.255.85.369000TCP
                  2025-02-18T08:57:22.351733+010028033053Unknown Traffic192.168.2.46206392.255.85.369000TCP
                  2025-02-18T08:57:23.156000+010028033053Unknown Traffic192.168.2.46206492.255.85.369000TCP
                  2025-02-18T08:57:24.824506+010028033053Unknown Traffic192.168.2.46206692.255.85.369000TCP
                  2025-02-18T08:57:26.619792+010028033053Unknown Traffic192.168.2.46206792.255.85.369000TCP
                  2025-02-18T08:57:29.225428+010028033053Unknown Traffic192.168.2.46207192.255.85.369000TCP
                  2025-02-18T08:57:30.028233+010028033053Unknown Traffic192.168.2.46207292.255.85.369000TCP
                  2025-02-18T08:57:30.819707+010028033053Unknown Traffic192.168.2.46207392.255.85.369000TCP
                  2025-02-18T08:57:34.167155+010028033053Unknown Traffic192.168.2.46207792.255.85.369000TCP
                  2025-02-18T08:57:37.423269+010028033053Unknown Traffic192.168.2.46208192.255.85.369000TCP
                  2025-02-18T08:57:38.252051+010028033053Unknown Traffic192.168.2.46208292.255.85.369000TCP
                  2025-02-18T08:57:39.888841+010028033053Unknown Traffic192.168.2.46208492.255.85.369000TCP
                  2025-02-18T08:57:43.125327+010028033053Unknown Traffic192.168.2.46208892.255.85.369000TCP
                  2025-02-18T08:57:44.759264+010028033053Unknown Traffic192.168.2.46209092.255.85.369000TCP
                  2025-02-18T08:57:46.368417+010028033053Unknown Traffic192.168.2.46209292.255.85.369000TCP
                  2025-02-18T08:57:48.759804+010028033053Unknown Traffic192.168.2.46209592.255.85.369000TCP
                  2025-02-18T08:57:49.555200+010028033053Unknown Traffic192.168.2.46209692.255.85.369000TCP
                  2025-02-18T08:57:51.154379+010028033053Unknown Traffic192.168.2.46209892.255.85.369000TCP
                  2025-02-18T08:57:55.998182+010028033053Unknown Traffic192.168.2.46210492.255.85.369000TCP
                  2025-02-18T08:57:57.637623+010028033053Unknown Traffic192.168.2.46210692.255.85.369000TCP
                  2025-02-18T08:58:02.544999+010028033053Unknown Traffic192.168.2.46211292.255.85.369000TCP
                  2025-02-18T08:58:04.979699+010028033053Unknown Traffic192.168.2.46211592.255.85.369000TCP
                  2025-02-18T08:58:05.784825+010028033053Unknown Traffic192.168.2.46211692.255.85.369000TCP
                  2025-02-18T08:58:08.224548+010028033053Unknown Traffic192.168.2.46212192.255.85.369000TCP
                  2025-02-18T08:58:09.060287+010028033053Unknown Traffic192.168.2.46212292.255.85.369000TCP
                  2025-02-18T08:58:10.840363+010028033053Unknown Traffic192.168.2.46212592.255.85.369000TCP
                  2025-02-18T08:58:12.699867+010028033053Unknown Traffic192.168.2.46213192.255.85.369000TCP
                  2025-02-18T08:58:16.711872+010028033053Unknown Traffic192.168.2.46214292.255.85.369000TCP
                  2025-02-18T08:58:19.914083+010028033053Unknown Traffic192.168.2.46214992.255.85.369000TCP
                  2025-02-18T08:58:21.508726+010028033053Unknown Traffic192.168.2.46215192.255.85.369000TCP
                  2025-02-18T08:58:24.902318+010028033053Unknown Traffic192.168.2.46215992.255.85.369000TCP
                  2025-02-18T08:58:27.479237+010028033053Unknown Traffic192.168.2.46217092.255.85.369000TCP
                  2025-02-18T08:58:30.712898+010028033053Unknown Traffic192.168.2.46217892.255.85.369000TCP
                  2025-02-18T08:58:34.088950+010028033053Unknown Traffic192.168.2.46218992.255.85.369000TCP
                  2025-02-18T08:58:34.917921+010028033053Unknown Traffic192.168.2.46219392.255.85.369000TCP
                  2025-02-18T08:58:39.081595+010028033053Unknown Traffic192.168.2.46220592.255.85.369000TCP
                  2025-02-18T08:58:41.703048+010028033053Unknown Traffic192.168.2.46221592.255.85.369000TCP
                  2025-02-18T08:58:45.275129+010028033053Unknown Traffic192.168.2.46222792.255.85.369000TCP
                  2025-02-18T08:58:47.742012+010028033053Unknown Traffic192.168.2.46223392.255.85.369000TCP
                  2025-02-18T08:58:50.961704+010028033053Unknown Traffic192.168.2.46224092.255.85.369000TCP
                  2025-02-18T08:58:53.485339+010028033053Unknown Traffic192.168.2.46224692.255.85.369000TCP
                  2025-02-18T08:58:55.946627+010028033053Unknown Traffic192.168.2.46225292.255.85.369000TCP
                  2025-02-18T08:58:57.562138+010028033053Unknown Traffic192.168.2.46225992.255.85.369000TCP
                  2025-02-18T08:58:58.467402+010028033053Unknown Traffic192.168.2.46226092.255.85.369000TCP
                  2025-02-18T08:58:59.284029+010028033053Unknown Traffic192.168.2.46226192.255.85.369000TCP
                  2025-02-18T08:59:02.630327+010028033053Unknown Traffic192.168.2.46227092.255.85.369000TCP
                  2025-02-18T08:59:03.432857+010028033053Unknown Traffic192.168.2.46227392.255.85.369000TCP
                  2025-02-18T08:59:04.245259+010028033053Unknown Traffic192.168.2.46227492.255.85.369000TCP
                  2025-02-18T08:59:05.049443+010028033053Unknown Traffic192.168.2.46227792.255.85.369000TCP
                  2025-02-18T08:59:06.673060+010028033053Unknown Traffic192.168.2.46228092.255.85.369000TCP
                  2025-02-18T08:59:09.193214+010028033053Unknown Traffic192.168.2.46228392.255.85.369000TCP
                  2025-02-18T08:59:15.812495+010028033053Unknown Traffic192.168.2.46229192.255.85.369000TCP
                  2025-02-18T08:59:17.420696+010028033053Unknown Traffic192.168.2.46229392.255.85.369000TCP
                  2025-02-18T08:59:19.050892+010028033053Unknown Traffic192.168.2.46229592.255.85.369000TCP
                  2025-02-18T08:59:20.731638+010028033053Unknown Traffic192.168.2.46229792.255.85.369000TCP
                  2025-02-18T08:59:21.523130+010028033053Unknown Traffic192.168.2.46229892.255.85.369000TCP
                  2025-02-18T08:59:27.565476+010028033053Unknown Traffic192.168.2.46230692.255.85.369000TCP
                  2025-02-18T08:59:31.813437+010028033053Unknown Traffic192.168.2.46231192.255.85.369000TCP
                  2025-02-18T08:59:34.337595+010028033053Unknown Traffic192.168.2.46231492.255.85.369000TCP
                  2025-02-18T08:59:40.678009+010028033053Unknown Traffic192.168.2.46232192.255.85.369000TCP
                  2025-02-18T08:59:44.679769+010028033053Unknown Traffic192.168.2.46232692.255.85.369000TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: aLS3xiFr39.exeAvira: detected
                  Multi AV Scanner detection for submitted file
                  Source: aLS3xiFr39.exeReversingLabs: Detection: 67%
                  Source: aLS3xiFr39.exeVirustotal: Detection: 77%Perma Link
                  Joe Sandbox ML detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Source: aLS3xiFr39.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 4x nop then jmp 0751AE3Ch0_2_0751A82D

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61910 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61916 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61922 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61928 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61930 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61935 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61941 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61947 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61953 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61959 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61970 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61976 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61982 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61983 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61989 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:61995 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62003 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62011 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62017 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62019 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62037 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62044 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62051 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62058 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62061 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62063 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62064 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62065 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62066 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62067 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62071 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62072 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62073 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62074 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62075 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62076 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62077 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62078 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62079 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62080 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62081 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62082 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62083 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62084 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62085 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62088 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62086 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62093 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62090 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62089 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62094 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62092 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62098 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62097 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62099 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62096 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62101 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62102 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62100 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62103 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62106 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62108 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62107 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62109 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62104 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62113 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62110 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62111 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62115 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62121 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62091 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62114 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62117 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62129 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62119 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62116 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62133 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62141 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62122 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62138 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62143 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62137 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62145 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62149 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62150 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62157 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62159 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62142 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62124 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62165 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62167 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62148 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62155 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62173 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62152 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62174 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62172 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62188 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62151 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62195 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62199 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62189 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62193 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62183 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62125 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62212 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62170 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62196 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62205 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62216 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62227 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62225 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62229 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62233 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62239 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62087 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62234 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62242 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62240 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62131 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62244 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62230 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62251 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62180 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62215 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62203 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62254 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62246 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62236 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62260 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62249 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62259 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62252 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62178 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62267 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62269 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62270 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62279 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62277 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62280 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62274 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62281 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62261 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62273 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62262 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62282 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62283 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62284 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62286 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62287 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62288 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62290 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62289 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62293 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62295 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62297 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62298 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62299 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62301 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62302 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62303 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62305 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62306 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62307 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62308 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62309 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62310 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62311 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62312 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62025 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62313 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62314 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62315 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62316 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62317 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62031 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62318 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62319 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62320 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62321 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62322 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62323 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62069 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62324 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62105 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62112 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62285 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62296 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62304 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62325 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62326 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62291 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62327 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62328 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62330 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62095 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62292 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62209 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:62294 -> 92.255.85.36:9000
                  Connects to many ports of the same IP (likely port scanning)
                  Source: global trafficTCP traffic: 92.255.85.36 ports 9000,1,4,5,7,8,15847
                  Uses known network protocols on non-standard ports
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61910 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61910
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61916 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61916
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61922 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61922
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61928 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61928
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61930 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61930
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61935 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61935
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61941 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61941
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61947 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61947
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61953 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61953
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61959 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61959
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61970 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61970
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61976 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61976
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61982 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61982
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61983 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61983
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61989 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61989
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61995 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61995
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62003 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62003
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62011 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62011
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62017 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62017
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62019 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62019
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62025 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62025
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62031 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62031
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62037 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62037
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62044 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62044
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62051 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62051
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62058 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62058
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62061 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62061
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62063 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62063
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62064 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62064
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62065 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62065
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62066 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62066
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62067 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62067
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62067
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62067
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62069 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62069
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62069
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62069
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62071 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62071
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62072 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62072
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62073 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62073
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62074 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62074
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62075 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62075
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62076 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62076
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62077 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62077
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62078 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62078
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62079 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62079
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62080 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62081 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62082 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62082
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62083 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62083
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62084 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62084
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62085 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62085
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62086 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62086
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62087 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62087
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62088 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62088
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62089 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62089
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62090 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62090
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62091 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62091
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62092 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62092
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62093 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62093
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62094 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62094
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62095 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62095
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62096 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62096
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62097 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62097
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62098 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62098
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62099 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62099
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62100 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62100
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62101 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62101
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62102 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62102
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62103 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62103
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62104 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62104
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62105 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62105
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62106 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62106
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62107 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62107
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62108 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62108
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62109 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62109
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62110 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62110
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62111 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62111
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62112 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62112
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62113 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62113
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62114 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62114
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62115 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62115
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62116 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62116
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62117 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62117
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62119 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62119
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62121 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62121
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62122 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62122
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62124 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62124
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62125 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62125
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62129 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62129
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62131 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62131
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62133 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62133
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62137 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62137
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62138 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62138
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62141 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62141
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62142 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62142
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62143 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62143
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62145 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62148 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62148
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62149 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62149
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62150 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62150
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62151 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62151
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62152 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62152
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62155 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62155
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62157 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62157
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62159 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62159
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62165 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62165
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62167 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62167
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62170 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62170
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62172 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62172
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62173 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62173
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62174 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62174
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62178 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62178
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62180 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62180
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62183 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62183
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62188 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62188
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62189 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62189
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62193 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62193
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62195 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62195
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62196 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62196
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62199 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62199
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62203 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62203
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62205 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62205
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62209 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62209
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62212 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62212
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62215 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62215
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62216 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62216
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62216
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62216
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62225 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62225
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62227 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62227
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62229 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62229
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62230 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62230
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62233 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62233
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62234 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62234
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62236 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62236
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62239 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62239
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62240 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62240
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62242 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62242
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62244 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62244
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62246 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62246
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62249 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62249
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62251 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62251
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62252 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62252
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62254 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62254
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62259 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62259
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62260 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62260
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62261
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62262 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62262
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62267 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62267
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62269 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62269
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62270 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62270
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62273 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62273
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62274 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62274
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62277 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62277
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62279 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62279
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62280 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62280
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62281 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62281
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62282 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62282
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62283 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62283
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62284 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62284
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62285 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62285
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62286 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62286
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62287 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62287
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62288 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62288
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62289 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62289
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62290 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62290
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62291 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62291
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62292 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62292
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62293 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62293
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62294 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62294
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62295 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62295
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62296 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62296
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62297 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62297
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62298 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62298
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62299 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62299
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62301 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62301
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62302 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62302
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62303 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62303
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62304 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62304
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62305 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62305
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62306 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62306
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62307 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62307
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62308 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62308
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62309 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62309
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62310 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62310
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62311 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62311
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62312 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62312
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62313 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62313
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62314 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62314
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62315 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62315
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62316 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62316
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62317 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62317
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62318 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62318
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62319 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62319
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62320 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62320
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62320
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62321 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62321
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62322 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62322
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62323 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62323
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62324 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62324
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62325 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62325
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62326 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62326
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62327 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62327
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62328 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62328
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62330 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62330
                  Source: global trafficTCP traffic: 192.168.2.4:49731 -> 92.255.85.36:15847
                  Source: global trafficTCP traffic: 192.168.2.4:61765 -> 1.1.1.1:53
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: Joe Sandbox ViewASN Name: SOVTEL-ASRU SOVTEL-ASRU
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61928 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61930 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61941 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61947 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61953 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61959 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61976 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61982 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61983 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61989 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61995 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62003 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62037 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62044 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62058 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62061 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62063 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62064 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62066 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62067 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62071 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62072 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62073 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62077 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62081 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62082 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62084 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62088 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62090 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62092 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62098 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62096 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62106 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62104 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62115 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62121 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62116 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62122 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62149 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62159 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62142 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62151 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62189 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62193 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62125 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62170 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62205 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62227 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62233 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62240 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62131 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62215 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62246 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62260 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62259 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62252 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62178 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62270 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62277 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62280 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62274 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62261 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62273 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62283 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62293 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62295 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62297 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62298 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62306 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62311 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62314 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62321 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62112 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62326 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62291 -> 92.255.85.36:9000
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:62095 -> 92.255.85.36:9000
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                  Source: aLS3xiFr39.exe, 00000000.00000002.4153940210.0000000003331000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:9000
                  Source: aLS3xiFr39.exe, 00000000.00000002.4153940210.0000000003331000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.36:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08
                  Source: aLS3xiFr39.exe, 00000000.00000002.4153940210.0000000003331000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: aLS3xiFr39.exe, 00000000.00000002.4153940210.0000000003331000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/DWCCqGB0
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000340F000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4153940210.000000000344E000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.0000000004E7C000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049A5000.00000004.00000800.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4162829570.00000000049C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: aLS3xiFr39.exe, type: SAMPLEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                  Source: 0.0.aLS3xiFr39.exe.de0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0187188E0_2_0187188E
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_018754B80_2_018754B8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0187B7C80_2_0187B7C8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_01879E780_2_01879E78
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_01878C8B0_2_01878C8B
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0187B7BA0_2_0187B7BA
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_018797D00_2_018797D0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0187D7380_2_0187D738
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_018777400_2_01877740
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_018777500_2_01877750
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0187D6EB0_2_0187D6EB
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_01879E670_2_01879E67
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_057004480_2_05700448
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_057004390_2_05700439
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_057014100_2_05701410
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_057037180_2_05703718
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_057083500_2_05708350
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_057013F20_2_057013F2
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_05709C080_2_05709C08
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_05709BF70_2_05709BF7
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07364F3E0_2_07364F3E
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073623980_2_07362398
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07366BDF0_2_07366BDF
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07364A200_2_07364A20
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07365EA80_2_07365EA8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0736C9F30_2_0736C9F3
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073611C00_2_073611C0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073600400_2_07360040
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073623890_2_07362389
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0736D3E80_2_0736D3E8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073682200_2_07368220
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073675F00_2_073675F0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073600160_2_07360016
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E7B780_2_073E7B78
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EE7680_2_073EE768
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E2DB80_2_073E2DB8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EC3A80_2_073EC3A8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E73900_2_073E7390
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E9FF00_2_073E9FF0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E4DC70_2_073E4DC7
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EAAB00_2_073EAAB0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EEC900_2_073EEC90
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073ED6C80_2_073ED6C8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E1B000_2_073E1B00
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EE7580_2_073EE758
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E45A00_2_073E45A0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E73800_2_073E7380
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E9FE00_2_073E9FE0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E97C80_2_073E97C8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E003F0_2_073E003F
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E62380_2_073E6238
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EC0280_2_073EC028
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E62280_2_073E6228
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EC0180_2_073EC018
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E840C0_2_073E840C
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EEC760_2_073EEC76
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073EAAA00_2_073EAAA0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_073E1AF00_2_073E1AF0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075116C80_2_075116C8
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075125980_2_07512598
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075143180_2_07514318
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075100400_2_07510040
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075125890_2_07512589
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075143080_2_07514308
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075100060_2_07510006
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07510CF00_2_07510CF0
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07510CEF0_2_07510CEF
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075189500_2_07518950
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_075189420_2_07518942
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07DF3AF40_2_07DF3AF4
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07DF5F1A0_2_07DF5F1A
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07DF1B0C0_2_07DF1B0C
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07DFB2310_2_07DFB231
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_057036F30_2_057036F3
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_057083600_2_05708360
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0570B9000_2_0570B900
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0570B8F10_2_0570B8F1
                  Source: aLS3xiFr39.exe, 00000000.00000000.1695054641.0000000000EA0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenametttrgggrrrt.exe" vs aLS3xiFr39.exe
                  Source: aLS3xiFr39.exe, 00000000.00000002.4170261752.0000000007868000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs aLS3xiFr39.exe
                  Source: aLS3xiFr39.exe, 00000000.00000002.4151680991.00000000015AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs aLS3xiFr39.exe
                  Source: aLS3xiFr39.exe, 00000000.00000002.4153940210.0000000003331000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs aLS3xiFr39.exe
                  Source: aLS3xiFr39.exeBinary or memory string: OriginalFilenametttrgggrrrt.exe" vs aLS3xiFr39.exe
                  Source: aLS3xiFr39.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: aLS3xiFr39.exe, type: SAMPLEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                  Source: 0.0.aLS3xiFr39.exe.de0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/36@0/1
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeMutant created: NULL
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeMutant created: \Sessions\1\BaseNamedObjects\5c8947d1385c4e608aa7a0853c65418d
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeFile created: C:\Users\user\AppData\Local\Temp\tmpC097.tmpJump to behavior
                  Source: aLS3xiFr39.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: aLS3xiFr39.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: aLS3xiFr39.exeReversingLabs: Detection: 67%
                  Source: aLS3xiFr39.exeVirustotal: Detection: 77%
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                  Source: aLS3xiFr39.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_0751752A pushfd ; ret 0_2_07517530
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeCode function: 0_2_07DFA126 push dword ptr [ecx+ecx-75h]; iretd 0_2_07DFA133
                  Source: aLS3xiFr39.exeStatic PE information: section name: .text entropy: 6.939591378361454

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Uses known network protocols on non-standard ports
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61910 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61910
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61916 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61916
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61922 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61922
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61928 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61928
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61930 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61930
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61935 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61935
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61941 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61941
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61947 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61947
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61953 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61953
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61959 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61959
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61970 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61970
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61976 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61976
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61982 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61982
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61983 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61983
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61989 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61989
                  Source: unknownNetwork traffic detected: HTTP traffic on port 61995 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 61995
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62003 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62003
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62011 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62011
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62017 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62017
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62019 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62019
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62025 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62025
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62031 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62031
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62037 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62037
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62044 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62044
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62051 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62051
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62058 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62058
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62061 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62061
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62063 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62063
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62064 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62064
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62065 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62065
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62066 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62066
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62067 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62067
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62067
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62067
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62069 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62069
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62069
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62069
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62071 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62071
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62072 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62072
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62073 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62073
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62074 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62074
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62075 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62075
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62076 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62076
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62077 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62077
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62078 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62078
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62079 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62079
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62080 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62081 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62082 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62082
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62083 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62083
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62084 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62084
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62085 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62085
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62086 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62086
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62087 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62087
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62088 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62088
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62089 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62089
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62090 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62090
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62091 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62091
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62092 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62092
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62093 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62093
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62094 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62094
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62095 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62095
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62096 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62096
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62097 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62097
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62098 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62098
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62099 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62099
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62100 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62100
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62101 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62101
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62102 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62102
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62103 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62103
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62104 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62104
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62105 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62105
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62106 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62106
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62107 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62107
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62108 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62108
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62109 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62109
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62110 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62110
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62111 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62111
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62112 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62112
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62113 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62113
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62114 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62114
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62115 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62115
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62116 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62116
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62117 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62117
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62119 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62119
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62121 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62121
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62122 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62122
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62124 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62124
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62125 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62125
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62129 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62129
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62131 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62131
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62133 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62133
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62137 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62137
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62138 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62138
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62141 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62141
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62142 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62142
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62143 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62143
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62145 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62148 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62148
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62149 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62149
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62150 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62150
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62151 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62151
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62152 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62152
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62155 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62155
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62157 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62157
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62159 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62159
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62165 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62165
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62167 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62167
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62170 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62170
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62172 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62172
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62173 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62173
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62174 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62174
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62178 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62178
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62180 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62180
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62183 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62183
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62188 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62188
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62189 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62189
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62193 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62193
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62195 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62195
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62196 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62196
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62199 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62199
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62203 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62203
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62205 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62205
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62209 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62209
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62212 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62212
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62215 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62215
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62216 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62216
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62216
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62216
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62225 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62225
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62227 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62227
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62229 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62229
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62230 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62230
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62233 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62233
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62234 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62234
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62236 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62236
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62239 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62239
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62240 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62240
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62242 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62242
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62244 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62244
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62246 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62246
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62249 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62249
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62251 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62251
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62252 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62252
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62254 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62254
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62259 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62259
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62260 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62260
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62261
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62262 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62262
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62267 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62267
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62269 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62269
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62270 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62270
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62273 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62273
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62274 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62274
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62277 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62277
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62279 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62279
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62280 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62280
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62281 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62281
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62282 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62282
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62283 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62283
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62284 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62284
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62285 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62285
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62286 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62286
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62287 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62287
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62288 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62288
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62289 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62289
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62290 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62290
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62291 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62291
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62292 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62292
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62293 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62293
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62294 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62294
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62295 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62295
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62296 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62296
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62297 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62297
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62298 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62298
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62299 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62299
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62301 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62301
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62302 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62302
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62303 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62303
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62304 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62304
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62305 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62305
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62306 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62306
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62307 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62307
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62308 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62308
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62309 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62309
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62310 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62310
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62311 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62311
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62312 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62312
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62313 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62313
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62314 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62314
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62315 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62315
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62316 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62316
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62317 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62317
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62318 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62318
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62319 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62319
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62320 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62320
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62320
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62321 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62321
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62322 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62322
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62323 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62323
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62324 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62324
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62325 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62325
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62326 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62326
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62327 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62327
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62328 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62328
                  Source: unknownNetwork traffic detected: HTTP traffic on port 62330 -> 9000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62330
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeMemory allocated: 1810000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeMemory allocated: 3330000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeMemory allocated: 3140000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWindow / User API: threadDelayed 2323Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWindow / User API: threadDelayed 7414Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeRegistry key enumerated: More than 160 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7440Thread sleep time: -35971150943733603s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7440Thread sleep time: -60000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -42393s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7440Thread sleep time: -59874s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7440Thread sleep time: -59765s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -52561s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7440Thread sleep time: -59656s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -54878s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7440Thread sleep time: -59545s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -52343s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7440Thread sleep time: -59437s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7440Thread sleep time: -59327s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -50784s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -40012s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -30348s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -34523s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -51752s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -36991s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -55512s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -45147s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -40201s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -40158s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -56442s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -31957s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -54942s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -49187s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -36934s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -36096s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -41692s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -45465s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -40021s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -54889s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -37507s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -31888s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -36299s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -37530s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exe TID: 7420Thread sleep time: -51307s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 60000Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 42393Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 59874Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 59765Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 52561Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 59656Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 54878Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 59545Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 52343Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 59437Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 59327Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 50784Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 40012Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 30348Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 34523Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 51752Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 36991Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 55512Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 45147Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 40201Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 40158Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 56442Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 31957Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 54942Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 49187Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 36934Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 36096Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 41692Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 45465Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 40021Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 54889Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 37507Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 31888Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 36299Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 37530Jump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeThread delayed: delay time: 51307Jump to behavior
                  Source: aLS3xiFr39.exe, 00000000.00000002.4151680991.0000000001648000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllx
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Users\user\Desktop\aLS3xiFr39.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: aLS3xiFr39.exe, 00000000.00000002.4151680991.0000000001648000.00000004.00000020.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4168905935.0000000006768000.00000004.00000020.00020000.00000000.sdmp, aLS3xiFr39.exe, 00000000.00000002.4168905935.0000000006722000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected RedLine Stealer
                  Source: Yara matchFile source: aLS3xiFr39.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.aLS3xiFr39.exe.de0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000000.1694994602.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: aLS3xiFr39.exe PID: 7416, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                  Source: C:\Users\user\Desktop\aLS3xiFr39.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: Yara matchFile source: aLS3xiFr39.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.aLS3xiFr39.exe.de0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000000.1694994602.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: aLS3xiFr39.exe PID: 7416, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected RedLine Stealer
                  Source: Yara matchFile source: aLS3xiFr39.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.aLS3xiFr39.exe.de0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000000.1694994602.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: aLS3xiFr39.exe PID: 7416, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                  Windows Management Instrumentation                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Masquerading                  		1
                  OS Credential Dumping                  		231
                  Security Software Discovery                  		Remote Services1
                  Archive Collected Data                  		1
                  Encrypted Channel                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                  Disable or Modify Tools                  		LSASS Memory11
                  Process Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		11
                  Non-Standard Port                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                  Virtualization/Sandbox Evasion                  		Security Account Manager241
                  Virtualization/Sandbox Evasion                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Ingress Tool Transfer                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
                  Obfuscated Files or Information                  		NTDS1
                  Application Window Discovery                  		Distributed Component Object ModelInput Capture1
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Software Packing                  		LSA Secrets123
                  System Information Discovery                  		SSHKeylogging1
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading                  		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.