Windows Analysis Report
PMLQRJIN.msi

Overview

General Information

Sample name: PMLQRJIN.msi
Analysis ID: 1624701
MD5: 08fddb3395aa1c8c194e73b47ceef47c
SHA1: 270d7d2c73c287e7c14bfb0be95e99d1365200e8
SHA256: dc0af3253349bc3d6cff84b99746de1302117bd2fba34c8ff2f4b3225aa3d060
Tags: 92-255-85-23, msi, user-JAMESWT_MHT

Detection

RedLine, SectopRAT
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
Yara detected SectopRAT
Connects to many ports of the same IP (likely port scanning)
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to detect virtual machines (SLDT)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the clipboard data
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
Is looking for software installed on the system
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 2544 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PMLQRJIN.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2100 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • RoboTaskLite.exe (PID: 5348 cmdline: "C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe" MD5: 6EE5F7F9F0016B5CC4F93A949A08F0DC)
      • RoboTaskLite.exe (PID: 2888 cmdline: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe MD5: 6EE5F7F9F0016B5CC4F93A949A08F0DC)
        • cmd.exe (PID: 1056 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • MSBuild.exe (PID: 5672 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • RoboTaskLite.exe (PID: 5916 cmdline: "C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe" MD5: 6EE5F7F9F0016B5CC4F93A949A08F0DC)
    • cmd.exe (PID: 2620 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • MSBuild.exe (PID: 5768 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\orpfyhuan | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\orpfyhuan | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\olu | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\olu | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\orpfyhuan | MALWARE_Win_Arechclient2 | Detects Arechclient2 RAT | ditekSHen
  • 0xb50d6:$s14: keybd_event
  • 0xbc02e:$v1_1: grabber@
  • 0xb5c92:$v1_2: <BrowserProfile>k__
  • 0xb671f:$v1_3: <SystemHardwares>k__
  • 0xb67de:$v1_5: <ScannedWallets>k__
  • 0xb686e:$v1_6: <DicrFiles>k__
  • 0xb684a:$v1_7: <MessageClientFiles>k__
  • 0xb6c14:$v1_8: <ScanBrowsers>k__BackingField
  • 0xb6c66:$v1_8: <ScanWallets>k__BackingField
  • 0xb6c83:$v1_8: <ScanScreen>k__BackingField
  • 0xb6cbd:$v1_8: <ScanVPN>k__BackingField
  • 0xa85f6:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
  • 0xa7f02:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
Source | Rule | Description | Author | Strings
00000010.00000002.2680031617.0000000001302000.00000002.00000001.01000000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000010.00000002.2680031617.0000000001302000.00000002.00000001.01000000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000B.00000002.2680862100.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000B.00000002.2680862100.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000005.00000002.2464520106.0000000005D20000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Source | Rule | Description | Author | Strings
5.2.cmd.exe.5d200c8.8.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
5.2.cmd.exe.5d200c8.8.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
5.2.cmd.exe.5d200c8.8.unpack | MALWARE_Win_Arechclient2 | Detects Arechclient2 RAT | ditekSHen
  • 0xb32d6:$s14: keybd_event
  • 0xba22e:$v1_1: grabber@
  • 0xb3e92:$v1_2: <BrowserProfile>k__
  • 0xb491f:$v1_3: <SystemHardwares>k__
  • 0xb49de:$v1_5: <ScannedWallets>k__
  • 0xb4a6e:$v1_6: <DicrFiles>k__
  • 0xb4a4a:$v1_7: <MessageClientFiles>k__
  • 0xb4e14:$v1_8: <ScanBrowsers>k__BackingField
  • 0xb4e66:$v1_8: <ScanWallets>k__BackingField
  • 0xb4e83:$v1_8: <ScanScreen>k__BackingField
  • 0xb4ebd:$v1_8: <ScanVPN>k__BackingField
  • 0xa67f6:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
  • 0xa6102:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
5.2.cmd.exe.5d200c8.8.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
5.2.cmd.exe.5d200c8.8.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                            2025-02-26T13:44:33.987355+010020522481A Network Trojan was detected192.168.2.66237692.255.85.239000TCP
                            2025-02-26T13:44:34.824427+010020522481A Network Trojan was detected192.168.2.66237792.255.85.239000TCP
                            2025-02-26T13:44:35.688229+010020522481A Network Trojan was detected192.168.2.66237892.255.85.239000TCP
                            2025-02-26T13:44:36.495005+010020522481A Network Trojan was detected192.168.2.66237992.255.85.239000TCP
                            2025-02-26T13:44:37.461801+010020522481A Network Trojan was detected192.168.2.66238092.255.85.239000TCP
                            2025-02-26T13:44:38.278779+010020522481A Network Trojan was detected192.168.2.66238192.255.85.239000TCP
                            2025-02-26T13:44:39.088650+010020522481A Network Trojan was detected192.168.2.66238292.255.85.239000TCP
                            2025-02-26T13:44:40.186266+010020522481A Network Trojan was detected192.168.2.66238392.255.85.239000TCP
                            2025-02-26T13:44:40.989069+010020522481A Network Trojan was detected192.168.2.66238692.255.85.239000TCP
                            2025-02-26T13:44:41.785590+010020522481A Network Trojan was detected192.168.2.66238792.255.85.239000TCP
                            2025-02-26T13:44:42.579810+010020522481A Network Trojan was detected192.168.2.66238892.255.85.239000TCP
                            2025-02-26T13:44:43.379705+010020522481A Network Trojan was detected192.168.2.66238992.255.85.239000TCP
                            2025-02-26T13:44:44.180835+010020522481A Network Trojan was detected192.168.2.66239092.255.85.239000TCP
                            2025-02-26T13:44:45.000810+010020522481A Network Trojan was detected192.168.2.66239192.255.85.239000TCP
                            2025-02-26T13:44:45.823957+010020522481A Network Trojan was detected192.168.2.66239292.255.85.239000TCP
                            2025-02-26T13:44:46.649048+010020522481A Network Trojan was detected192.168.2.66239392.255.85.239000TCP
                            2025-02-26T13:44:47.456372+010020522481A Network Trojan was detected192.168.2.66239492.255.85.239000TCP
                            2025-02-26T13:44:48.266034+010020522481A Network Trojan was detected192.168.2.66239592.255.85.239000TCP
                            2025-02-26T13:44:49.064604+010020522481A Network Trojan was detected192.168.2.66239692.255.85.239000TCP
                            2025-02-26T13:44:49.876502+010020522481A Network Trojan was detected192.168.2.66239792.255.85.239000TCP
                            2025-02-26T13:44:50.687829+010020522481A Network Trojan was detected192.168.2.66239892.255.85.239000TCP
                            2025-02-26T13:44:51.487779+010020522481A Network Trojan was detected192.168.2.66239992.255.85.239000TCP
                            2025-02-26T13:44:52.291015+010020522481A Network Trojan was detected192.168.2.66240092.255.85.239000TCP
                            2025-02-26T13:44:53.121304+010020522481A Network Trojan was detected192.168.2.66240192.255.85.239000TCP
                            2025-02-26T13:44:54.058117+010020522481A Network Trojan was detected192.168.2.66240292.255.85.239000TCP
                            2025-02-26T13:44:54.881634+010020522481A Network Trojan was detected192.168.2.66240392.255.85.239000TCP
                            2025-02-26T13:44:55.701234+010020522481A Network Trojan was detected192.168.2.66240492.255.85.239000TCP
                            2025-02-26T13:44:56.506681+010020522481A Network Trojan was detected192.168.2.66240692.255.85.239000TCP
                            2025-02-26T13:44:57.381940+010020522481A Network Trojan was detected192.168.2.66240792.255.85.239000TCP
                            2025-02-26T13:44:58.216403+010020522481A Network Trojan was detected192.168.2.66240892.255.85.239000TCP
                            2025-02-26T13:44:59.028629+010020522481A Network Trojan was detected192.168.2.66240992.255.85.239000TCP
                            2025-02-26T13:44:59.872579+010020522481A Network Trojan was detected192.168.2.66241092.255.85.239000TCP
                            2025-02-26T13:45:00.685556+010020522481A Network Trojan was detected192.168.2.66241192.255.85.239000TCP
                            2025-02-26T13:45:01.488245+010020522481A Network Trojan was detected192.168.2.66241292.255.85.239000TCP
                            2025-02-26T13:45:02.290228+010020522481A Network Trojan was detected192.168.2.66241392.255.85.239000TCP
                            2025-02-26T13:45:03.127867+010020522481A Network Trojan was detected192.168.2.66241492.255.85.239000TCP
                            2025-02-26T13:45:03.924935+010020522481A Network Trojan was detected192.168.2.66241692.255.85.239000TCP
                            2025-02-26T13:45:04.736338+010020522481A Network Trojan was detected192.168.2.66241792.255.85.239000TCP
                            2025-02-26T13:45:05.545134+010020522481A Network Trojan was detected192.168.2.66241992.255.85.239000TCP
                            2025-02-26T13:45:06.408832+010020522481A Network Trojan was detected192.168.2.66242092.255.85.239000TCP
                            2025-02-26T13:45:07.205497+010020522481A Network Trojan was detected192.168.2.66242192.255.85.239000TCP
                            2025-02-26T13:45:08.145618+010020522481A Network Trojan was detected192.168.2.66242292.255.85.239000TCP
                            2025-02-26T13:45:09.146831+010020522481A Network Trojan was detected192.168.2.66242392.255.85.239000TCP
                            2025-02-26T13:45:09.947552+010020522481A Network Trojan was detected192.168.2.66242492.255.85.239000TCP
                            2025-02-26T13:45:10.775030+010020522481A Network Trojan was detected192.168.2.66242592.255.85.239000TCP
                            2025-02-26T13:45:11.589145+010020522481A Network Trojan was detected192.168.2.66242692.255.85.239000TCP
                            2025-02-26T13:45:12.396113+010020522481A Network Trojan was detected192.168.2.66242792.255.85.239000TCP
                            2025-02-26T13:45:13.213825+010020522481A Network Trojan was detected192.168.2.66242892.255.85.239000TCP
                            2025-02-26T13:45:14.034927+010020522481A Network Trojan was detected192.168.2.66242992.255.85.239000TCP
                            2025-02-26T13:45:14.848786+010020522481A Network Trojan was detected192.168.2.66243092.255.85.239000TCP
                            2025-02-26T13:45:15.659035+010020522481A Network Trojan was detected192.168.2.66243192.255.85.239000TCP
                            2025-02-26T13:45:16.475172+010020522481A Network Trojan was detected192.168.2.66243292.255.85.239000TCP
                            2025-02-26T13:45:17.309335+010020522481A Network Trojan was detected192.168.2.66243392.255.85.239000TCP
                            2025-02-26T13:45:18.172336+010020522481A Network Trojan was detected192.168.2.66243492.255.85.239000TCP
                            2025-02-26T13:45:19.034664+010020522481A Network Trojan was detected192.168.2.66243592.255.85.239000TCP
                            2025-02-26T13:45:19.851379+010020522481A Network Trojan was detected192.168.2.66243692.255.85.239000TCP
                            2025-02-26T13:45:20.648841+010020522481A Network Trojan was detected192.168.2.66243792.255.85.239000TCP
                            2025-02-26T13:45:21.457529+010020522481A Network Trojan was detected192.168.2.66243892.255.85.239000TCP
                            2025-02-26T13:45:22.292719+010020522481A Network Trojan was detected192.168.2.66243992.255.85.239000TCP
                            2025-02-26T13:45:23.118758+010020522481A Network Trojan was detected192.168.2.66244092.255.85.239000TCP
                            2025-02-26T13:45:23.928428+010020522481A Network Trojan was detected192.168.2.66244192.255.85.239000TCP
                            2025-02-26T13:45:24.725804+010020522481A Network Trojan was detected192.168.2.66244292.255.85.239000TCP
                            2025-02-26T13:45:25.521096+010020522481A Network Trojan was detected192.168.2.66244392.255.85.239000TCP
                            2025-02-26T13:45:26.324865+010020522481A Network Trojan was detected192.168.2.66244492.255.85.239000TCP
                            2025-02-26T13:45:27.128038+010020522481A Network Trojan was detected192.168.2.66244592.255.85.239000TCP
                            2025-02-26T13:45:28.094838+010020522481A Network Trojan was detected192.168.2.66244692.255.85.239000TCP
                            2025-02-26T13:45:28.992110+010020522481A Network Trojan was detected192.168.2.66244792.255.85.239000TCP
                            2025-02-26T13:45:29.841953+010020522481A Network Trojan was detected192.168.2.66244892.255.85.239000TCP
                            2025-02-26T13:45:30.690965+010020522481A Network Trojan was detected192.168.2.66244992.255.85.239000TCP
                            2025-02-26T13:45:31.493236+010020522481A Network Trojan was detected192.168.2.66245092.255.85.239000TCP
                            Timestamp, SID, Severity, Classtype, Source IP, Source Port, Destination IP, Destination Port, Protocol


                            AV Detection

                            Source: C:\Users\user\AppData\Local\Temp\orpfyhuan, Avira: detection malicious, Label: HEUR/AGEN.1307453
                            Source: C:\Users\user\AppData\Local\Temp\olu, Avira: detection malicious, Label: HEUR/AGEN.1307453
                            Source: C:\Users\user\AppData\Local\Temp\olu, ReversingLabs: Detection: 71%
                            Source: C:\Users\user\AppData\Local\Temp\orpfyhuan, ReversingLabs: Detection: 71%
                            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 9_2_06D65F98 CryptUnprotectData, 9_2_06D65F98
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 9_2_06D66688 CryptUnprotectData, 9_2_06D66688
                            Source: unknown, HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:62161 version: TLS 1.0
                            Source: Binary string: wntdll.pdbUGP source: RoboTaskLite.exe, 00000003.00000002.2178210295.000000000971E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000003.00000002.2178805908.0000000009A70000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463144969.0000000004ECF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463734385.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680218634.0000000004613000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680599264.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: RoboTaskLite.exe, 00000003.00000002.2178210295.000000000971E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000003.00000002.2178805908.0000000009A70000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463144969.0000000004ECF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463734385.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680218634.0000000004613000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680599264.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp
                            Source: C:\Windows\System32\msiexec.exe, File opened: z:
                            Source: C:\Windows\System32\msiexec.exe, File opened: x:
                            Source: C:\Windows\System32\msiexec.exe, File opened: v:
                            Source: C:\Windows\System32\msiexec.exe, File opened: t:
                            Source: C:\Windows\System32\msiexec.exe, File opened: r:
                            Source: C:\Windows\System32\msiexec.exe, File opened: p:
                            Source: C:\Windows\System32\msiexec.exe, File opened: n:
                            Source: C:\Windows\System32\msiexec.exe, File opened: l:
                            Source: C:\Windows\System32\msiexec.exe, File opened: j:
                            Source: C:\Windows\System32\msiexec.exe, File opened: h:
                            Source: C:\Windows\System32\msiexec.exe, File opened: f:
                            Source: C:\Windows\System32\msiexec.exe, File opened: b:
                            Source: C:\Windows\System32\msiexec.exe, File opened: y:
                            Source: C:\Windows\System32\msiexec.exe, File opened: w:
                            Source: C:\Windows\System32\msiexec.exe, File opened: u:
                            Source: C:\Windows\System32\msiexec.exe, File opened: s:
                            Source: C:\Windows\System32\msiexec.exe, File opened: q:
                            Source: C:\Windows\System32\msiexec.exe, File opened: o:
                            Source: C:\Windows\System32\msiexec.exe, File opened: m:
                            Source: C:\Windows\System32\msiexec.exe, File opened: k:
                            Source: C:\Windows\System32\msiexec.exe, File opened: i:
                            Source: C:\Windows\System32\msiexec.exe, File opened: g:
                            Source: C:\Windows\System32\msiexec.exe, File opened: e:
                            Source: C:\Windows\SysWOW64\cmd.exe, File opened: c:
                            Source: C:\Windows\System32\msiexec.exe, File opened: a:
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 06E993AEh (9_2_06E99298)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 06E9DF8Ah (9_2_06E9D95E)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 06E993AEh (9_2_06E99289)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 07FAD339h (9_2_07FACEA0)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 07FA0D2Ah (9_2_07FA0040)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then mov eax, dword ptr [ebp-60h] (9_2_07FA0040)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 07FA139Dh (9_2_07FA0040)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then imul eax, dword ptr [ebp-44h], 11A80000h (9_2_07FA941B)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 4x nop then jmp 07FAB309h (9_2_07FAB2F1)

                            Networking

                            Source: Network traffic Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62086 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62111 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62099 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62104 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62124 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62092 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62141 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62154 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62136 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62148 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62160 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62167 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62189 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62117 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62174 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62204 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62207 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62202 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62209 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62200 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62211 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62216 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62194 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62213 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62212 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62205 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62219 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62221 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62210 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62218 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62224 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62226 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62203 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62201 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62227 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62181 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62229 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62230 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62222 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62232 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62215 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62231 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62235 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62234 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62233 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62223 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62237 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62225 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62238 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62239 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62130 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62240 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62241 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62228 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62236 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62242 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62243 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62244 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62245 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62246 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62248 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62214 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62247 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62249 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62251 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62253 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62252 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62254 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62220 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62255 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62257 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62259 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62260 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62258 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62261 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62262 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62263 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62264 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62265 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62266 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62268 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62269 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62272 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62271 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62277 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62278 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62273 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62279 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62280 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62284 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62285 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62282 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62286 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62276 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62287 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62289 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62288 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62291 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62290 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62292 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62208 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62274 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62294 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62295 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62296 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62297 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62298 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62299 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62300 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62301 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62302 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62303 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62304 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62305 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62306 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62307 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62250 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62308 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62310 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62311 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62312 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62313 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62315 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62314 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62316 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62317 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62318 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62319 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62293 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62320 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62321 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62322 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62323 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62324 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62325 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62326 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62327 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62329 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62330 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62331 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62332 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.6:62333 -> 92.255.85.23:9000
                            Source: global traffic, TCP traffic: 92.255.85.23 ports 9000,1,4,5,7,8,15847
                            Source: unknown, Network traffic detected: HTTP traffic on port 62086 -> 9000
                            Source: unknown, Network traffic detected: HTTP traffic on port 9000 -> 62086
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62251
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62252 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62252
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62253 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62253
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62254 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62254
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62255 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62255
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62257 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62257
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62258 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62258
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62259 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62259
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62260 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62260
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62261
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62262 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62262
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62263 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62263
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62264 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62264
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62265 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62265
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62266 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62266
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62268 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62268
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62269 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62269
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62271 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62271
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62272 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62272
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62273 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62273
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62274 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62274
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62276 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62276
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62277 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62277
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62278 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62278
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62279 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62279
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62280 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62280
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62282 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62282
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62284 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62284
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62285 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62285
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62286 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62286
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62287 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62287
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62288 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62288
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62289 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62289
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62290 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62290
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62291 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62291
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62292 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62292
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62293 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62293
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62294 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62294
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62295 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62295
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62296 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62296
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62297 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62297
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62298 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62298
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62299 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62299
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62300 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62300
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62301 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62301
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62302 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62302
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62303 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62303
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62304 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62304
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62305 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62305
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62306 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62306
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62307 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62307
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62308 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62308
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62310 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62310
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62311 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62311
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62312 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62312
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62313 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62313
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62314 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62314
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62315 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62315
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62316 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62316
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62317 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62317
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62318 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62318
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62319 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62319
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62319
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62320 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62320
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62321 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62321
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62322 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62322
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62323 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62323
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62324 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62324
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62325 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62325
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62326 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62326
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62327 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62327
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62328 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62328
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62329 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62329
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62330 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62330
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62331 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62331
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62332 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62332
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62333 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62333
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62334 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62334
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62335 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62335
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62337 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62337
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62338 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62338
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62339 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62339
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62340 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62340
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62341 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62341
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62342 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62342
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62343 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62343
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62344 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62344
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62345 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62345
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62346 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62346
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62347 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62347
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62348 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62348
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62349 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62349
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62350 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62350
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62351 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62351
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62352 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62352
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62353 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62353
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62354 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62354
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62355 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62355
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62355
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62355
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62356 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62356
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62357 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62357
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62358 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62358
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62359 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62359
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62360 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62360
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62361 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62361
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62362 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62362
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62363 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62363
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62364 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62364
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62366 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62366
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62367 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62367
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62368 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62368
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62369 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62369
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62370 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62370
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62371 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62371
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62372 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62372
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62373 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62373
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62374 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62374
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62375 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62375
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62376 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62376
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62377 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62377
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62378 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62378
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62379 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62379
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62380 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62380
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62381 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62381
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62382 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62382
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62383 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62383
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62386 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62386
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62387 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62387
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62388 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62388
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62389 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62389
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62390 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62390
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62391 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62391
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62392 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62392
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62393 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62393
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62394 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62394
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62395 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62395
                            Source: global traffic TCP traffic: 192.168.2.6:62067 -> 92.255.85.23:15847
                            Source: global traffic TCP traffic: 192.168.2.6:61978 -> 1.1.1.1:53
                            Source: global traffic HTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1 Host: 92.255.85.23:9000 Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1 Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: Joe Sandbox View ASN Name: SOVTEL-ASRU SOVTEL-ASRU
                            Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
                            Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62099 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62111 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62104 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62124 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62141 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62148 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62167 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62117 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62202 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62174 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62209 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62200 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62211 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62216 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62181 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62205 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62219 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62221 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62224 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62218 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62230 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62222 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62233 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62238 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62130 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62228 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62243 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62244 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62248 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62254 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62220 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62255 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62257 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62259 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62260 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62258 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62263 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62264 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62268 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62272 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62271 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62273 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62279 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62280 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62284 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62285 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62282 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62286 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62276 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62287 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62289 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62288 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62290 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62291 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62292 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62208 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62294 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62295 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62296 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62297 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62298 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62299 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62300 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62301 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62302 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62303 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62304 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62305 -> 92.255.85.23:9000
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:62306 -> 92.255.85.23:9000
                            Source: unknown - HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:62161 version: TLS 1.0
                            Source: unknown - TCP traffic detected without corresponding DNS query: 173.222.162.64
                            Source: unknown - TCP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknown - TCP traffic detected without corresponding DNS query: 92.255.85.23
                            Source: global traffic - HTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1 Host: 92.255.85.23:9000 Connection: Keep-Alive
                            Source: global traffic - HTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1 Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000
                            Source: global trafficHTTP traffic detected: GET /wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
                            Source: MSBuild.exe, 00000009.00000002.4590212922.0000000002C8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.23:
                            Source: MSBuild.exe, 00000009.00000002.4590212922.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4590212922.0000000002C56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.23:9000
                            Source: MSBuild.exe, 00000009.00000002.4590212922.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4590212922.0000000002C6F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000009.00000002.4590212922.0000000002C56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.23:9000/wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919A
                            Source: MSBuild.exe, 00000009.00000002.4590212922.0000000002C8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.23:9000/wbinjget?q=134E4BB7E28B15E8895E4B76ECC3919AP
                            Source: MSBuild.exe, 00000009.00000002.4590212922.0000000002C8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.85.23:9000t-
                            Source: RoboTaskLite.exe, 00000003.00000002.2177483371.00000000094E6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463565196.0000000005268000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680407584.00000000049B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                            Source: RoboTaskLite.exe, 00000003.00000002.2177483371.00000000094E6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463565196.0000000005268000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680407584.00000000049B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                            Source: RoboTaskLite.exe, 00000003.00000003.2163752497.0000000009E20000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000003.00000002.2177483371.00000000094E6000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000003.00000003.2160653446.0000000009E21000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463565196.0000000005268000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680407584.00000000049B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                            Source: RoboTaskLite.exe, 00000003.00000003.2163752497.0000000009E20000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000003.00000003.2160653446.0000000009E21000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                            Source: RoboTaskLite.exe, 00000003.00000002.2177483371.00000000094E6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463565196.0000000005268000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680407584.00000000049B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                            Source: RoboTaskLite.exe, 00000003.00000003.2159440717.0000000009E2D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                            Source: RoboTaskLite.exe, 00000003.00000003.2159440717.0000000009E2D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                            Source: RoboTaskLite.exe, 00000003.00000003.2159440717.0000000009E2D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                            Source: RoboTaskLite.exe, 00000003.00000003.2159440717.0000000009E2D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Code function: 3_2_50CB8570 @Vcl@Consts@_SCannotOpenClipboard,@Vcl@Consts@_SMCIWaveAudio,@Vcl@Consts@_SMCIUnknownError,@Vcl@Consts@_SBoldItalicFont,@Vcl@Consts@_SBoldFont,@Vcl@Consts@_SItalicFont,@Vcl@Consts@_SExecute,@Vcl@Consts@_SStart,@Vcl@Consts@_SStop,@Vcl@Consts@_SPause,@Vcl@Consts@_SContinue,@Vcl@Consts@_SServiceInstallOK,@Vcl@Consts@_SServiceInstallFailed,@Vcl@Consts@_SServiceUninstallOK,@Vcl@Consts@_SServiceUninstallFailed,@Vcl@Consts@_SDockedCtlNeedsName,@Vcl@Consts@_SDockZoneVersionConflict,@Vcl@Consts@_SAllCommands,@Vcl@Consts@_SDuplicateItem,@Vcl@Consts@_STextNotFound,@Vcl@Consts@_SBrowserExecError,@Vcl@Consts@_SPromptArrayEmpty,@Vcl@Consts@_SUsername,@Vcl@Consts@_SPassword,@Vcl@Consts@_SDomain,@Vcl@Consts@_SLogin,@Vcl@Consts@_SKeyNotFound,@Vcl@Consts@_SNoColumnMoving,@Vcl@Consts@_SNoEqualsInKey,@Vcl@Consts@_SSendError,@Vcl@Consts@_SAssignSubItemError,@Vcl@Consts@_SMoreButtons,@Vcl@Consts@_SErrorDownloadingURL,@Vcl@Consts@_SUrlMonDllMissing,@Vcl@Consts@_SAllActions,@Vcl@Consts@_SNoCategory,@Vcl@Consts@_SErrorLoadingFile,@Vcl@Consts@_SResetUsageData,@Vcl@Consts@_SFileRunDialogTitle,@Vcl@Consts@_SNoName,@Vcl@Consts@_SErrorActionManagerNotAssigned
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Code function: 3_2_50CC7D80 @Vcl@Graphics@TMetafile@LoadFromClipboardFormat$qqrusuip10HPALETTE__,GetClipboardData,@Vcl@Consts@_SUnknownClipboardFormat,@Vcl@Graphics@TMetafile@NewImage$qqrv,CopyEnhMetaFileW,GetEnhMetaFileHeader

                            System Summary

                            Source: 5.2.cmd.exe.5d200c8.8.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT, Author: ditekSHen
                            Source: 5.2.cmd.exe.5d200c8.8.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT, Author: ditekSHen
                            Source: 11.2.cmd.exe.4fa00c8.7.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT, Author: ditekSHen
                            Source: 16.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT, Author: ditekSHen
                            Source: 11.2.cmd.exe.4fa00c8.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT, Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\orpfyhuan, type: DROPPED, Matched rule: Detects Arechclient2 RAT, Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\olu, type: DROPPED, Matched rule: Detects Arechclient2 RAT, Author: ditekSHen
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Process Stats: CPU usage > 49%
                            Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\556eaa.msi
                            Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                            Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\SourceHash{1564BF08-0ABD-49D6-9023-C98F67A3E8AA}
                            Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI708F.tmp
                            Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\556eac.msi
                            Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\556eac.msi
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06E994C89_2_06E994C8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06E935E69_2_06E935E6
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06E930C79_2_06E930C7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06F100409_2_06F10040
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06F14C809_2_06F14C80
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06F14C6F9_2_06F14C6F
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06F100069_2_06F10006
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06F137009_2_06F13700
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06FE5B409_2_06FE5B40
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06FE799E9_2_06FE799E
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06FEE0D89_2_06FEE0D8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_06FE2BBC9_2_06FE2BBC
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0789BCF09_2_0789BCF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0789CC0C9_2_0789CC0C
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07896CC19_2_07896CC1
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07896CD09_2_07896CD0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07897C5B9_2_07897C5B
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07894C5C9_2_07894C5C
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07894C6E9_2_07894C6E
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07897C609_2_07897C60
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0789737F9_2_0789737F
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_0789AAE09_2_0789AAE0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_078962289_2_07896228
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_078929C09_2_078929C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_078929D09_2_078929D0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_078961FB9_2_078961FB
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_078940209_2_07894020
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FAB5D89_2_07FAB5D8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA57A09_2_07FA57A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA89909_2_07FA8990
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA83889_2_07FA8388
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA37789_2_07FA3778
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FAD3689_2_07FAD368
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FAA3589_2_07FAA358
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA41389_2_07FA4138
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FAC4B89_2_07FAC4B8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA78889_2_07FA7888
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA00409_2_07FA0040
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA14389_2_07FA1438
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA941B9_2_07FA941B
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FAB5C79_2_07FAB5C7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FAC99F9_2_07FAC99F
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA57909_2_07FA5790
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA47589_2_07FA4758
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA412B9_2_07FA412B
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA70F09_2_07FA70F0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FAC4A89_2_07FAC4A8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA14289_2_07FA1428
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FA00069_2_07FA0006
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FB93F09_2_07FB93F0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FB38B59_2_07FB38B5
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FB00409_2_07FB0040
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FB93E09_2_07FB93E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 9_2_07FB001D9_2_07FB001D
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 16_2_030E54B816_2_030E54B8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 16_2_030E188E16_2_030E188E
                            Source: RoboTaskLite.exe.3.dr, Static PE information: Number of sections : 11 > 10
                            Source: RoboTaskLite.exe.2.dr, Static PE information: Number of sections : 11 > 10
                            Source: 5.2.cmd.exe.5d200c8.8.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 5.2.cmd.exe.5d200c8.8.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 11.2.cmd.exe.4fa00c8.7.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 16.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 11.2.cmd.exe.4fa00c8.7.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: C:\Users\user\AppData\Local\Temp\orpfyhuan, type: DROPPED, Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: C:\Users\user\AppData\Local\Temp\olu, type: DROPPED, Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: classification engine, Classification label: mal100.troj.spyw.evad.winMSI@17/86@0/1
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Code function: 3_2_50CC30FC GetLastError,FormatMessageW,@System@@UStrFromWArray$qqrr20System@UnicodeStringpbi,@System@Classes@EOutOfResources@,@System@Sysutils@Exception@$bctr$qqrx20System@UnicodeString,@System@@RaiseExcept$qqrv,@System@@UStrClr$qqrpv
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Code function: 3_2_50CC86F4 @Vcl@Graphics@CreateMappedRes$qqruipbpx21System@Uitypes@TColorxit3xi,FindResourceW,LoadResource,LockResource,@Vcl@Graphics@TBitmap@,@Vcl@Graphics@TBitmap@$bctr$qqrv,@Vcl@Graphics@TBitmap@LoadFromResourceID$qqruii,FreeResource
                            Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\CML70BD.tmp
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Mutant created: NULL
                            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2664:120:WilError_03
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Mutant created: \Sessions\1\BaseNamedObjects\9a6e23f4a0304e2d87e0f3891a263fcd
                            Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\TEMP\~DFF06BD7D98728D378.TMP
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                            Source: C:\Windows\SysWOW64\cmd.exe, File read: C:\Users\desktop.ini
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: PMLQRJIN.msi, Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
                            Source: unknown, Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PMLQRJIN.msi"
                            Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                            Source: C:\Windows\System32\msiexec.exe, Process created: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe "C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe"
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Process created: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: unknown, Process created: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe "C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe"
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: apphelp.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: aclayers.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc_os.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: msi.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: srpapi.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: uxtheme.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: textinputframework.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: coreuicomponents.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: coremessaging.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: ntmarta.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: coremessaging.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: wintypes.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: wintypes.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: wintypes.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: windows.storage.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: wldp.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: propsys.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: textshaping.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: netapi32.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: wkscli.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: netutils.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: version.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: mscoree.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: profapi.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: sspicli.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: msihnd.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: pcacli.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: mpr.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: apphelp.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: aclayers.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc_os.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: msi.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: userenv.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: profapi.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: sspicli.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: netapi32.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: wkscli.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: netutils.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: srclient.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: spp.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: powrprof.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: vssapi.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: vsstrace.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: umpdc.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: wldp.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: mscoree.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: version.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: rstrtmgr.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: ncrypt.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: ntasn1.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: windows.storage.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: pcacli.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: mpr.dll
                            Source: C:\Windows\System32\msiexec.exe, Section loaded: cabinet.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: mpr.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: wininet.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: shfolder.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: oleacc.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: winhttp.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: oledlg.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: dbghelp.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: pla.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: pdh.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: tdh.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: cabinet.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: wevtapi.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: shdocvw.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: ntmarta.dll
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe, Section loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: shfolder.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: oledlg.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: oleacc.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: winhttp.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: dbghelp.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: pla.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: pdh.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: tdh.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: cabinet.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: wevtapi.dll
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe, Section loaded: shdocvw.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: winbrand.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: wldp.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: kernel.appcore.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: windows.storage.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: wldp.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: propsys.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: profapi.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: linkinfo.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: ntshrui.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: sspicli.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: srvcli.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: cscapi.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: bitsproxy.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: netutils.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: mscoree.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: kernel.appcore.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: version.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: uxtheme.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: windows.storage.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: wldp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: profapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: cryptsp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: rsaenh.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: cryptbase.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: mswsock.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: userenv.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: secur32.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: sspicli.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: wbemcomn.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Section loaded: amsi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: mpr.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: shfolder.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: oleacc.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: wsock32.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: oledlg.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: dbghelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: pla.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: pdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: tdh.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: cabinet.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: wevtapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeSection loaded: shdocvw.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                            Source: mjk.5.dr; LNK file: ..\..\Roaming\fr_patch_test\RoboTaskLite.exe
                            Source: Window Recorder; Window detected: More than 3 window changes detected
                            Source: PMLQRJIN.msi; Static file information: File size 6225920 > 1048576
                            Source: Binary string: wntdll.pdbUGP source: RoboTaskLite.exe, 00000003.00000002.2178210295.000000000971E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000003.00000002.2178805908.0000000009A70000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463144969.0000000004ECF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463734385.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680218634.0000000004613000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680599264.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: RoboTaskLite.exe, 00000003.00000002.2178210295.000000000971E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000003.00000002.2178805908.0000000009A70000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463144969.0000000004ECF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2463734385.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680218634.0000000004613000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2680599264.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp
                            Source: orpfyhuan.5.drStatic PE information: real checksum: 0x0 should be: 0xbef8c
                            Source: olu.11.drStatic PE information: real checksum: 0x0 should be: 0xbef8c
                            Source: vcl280.bpl.2.drStatic PE information: real checksum: 0x405dec should be: 0x403876
                            Source: vcl280.bpl.3.drStatic PE information: real checksum: 0x405dec should be: 0x403876
                            Source: RoboTaskLite.exe.2.drStatic PE information: section name: .didata
                            Source: rtl280.bpl.2.drStatic PE information: section name: .didata
                            Source: vcl280.bpl.2.drStatic PE information: section name: .didata
                            Source: RoboTaskLite.exe.3.drStatic PE information: section name: .didata
                            Source: rtl280.bpl.3.drStatic PE information: section name: .didata
                            Source: vcl280.bpl.3.drStatic PE information: section name: .didata
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB89D8 push eax; retn 00FEh3_2_50CB89EC
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB81D8 push eax; retn 00FFh3_2_50CB81EC
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB81E8 push eax; retn 00FFh3_2_50CB81EC
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB89E8 push eax; retn 00FEh3_2_50CB89EC
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB89E0 push eax; retn 00FEh3_2_50CB89EC
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB81E0 push eax; retn 00FFh3_2_50CB81EC
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB81F0 push eax; ret 3_2_50CB81F4
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB89F0 push eax; ret 3_2_50CB89F4
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8248 push eax; iretd 3_2_50CB8254
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8A48 push eax; iretd 3_2_50CB8A54
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8240 push eax; iretd 3_2_50CB8254
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8A40 push eax; iretd 3_2_50CB8A54
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8250 push eax; iretd 3_2_50CB8254
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8A50 push eax; iretd 3_2_50CB8A54
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8218 push eax; retf 00FFh3_2_50CB822C
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8A18 push eax; retf 00FEh3_2_50CB8A2C
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8A28 push eax; retf 00FEh3_2_50CB8A2C
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8228 push eax; retf 00FFh3_2_50CB822C
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8A20 push eax; retf 00FEh3_2_50CB8A2C
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8220 push eax; retf 00FFh3_2_50CB822C
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8A38 push eax; iretd 3_2_50CB8A54
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8238 push eax; iretd 3_2_50CB8254
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8A30 push eax; retf 3_2_50CB8A34
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB8230 push eax; retf 3_2_50CB8234
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CC2C68 push ecx; mov dword ptr [esp], ecx3_2_50CC2C6C
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CC25A8 push ecx; mov dword ptr [esp], edx3_2_50CC25AA
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CC66E8 push ecx; mov dword ptr [esp], edx3_2_50CC66EA
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CC26BC push ecx; mov dword ptr [esp], edx3_2_50CC26BE
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB9EBC push 4050CB9Eh; retf 50F3h3_2_50CB9ECE
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CC2628 push ecx; mov dword ptr [esp], edx3_2_50CC262A
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CCDFC4 push ecx; mov dword ptr [esp], eax3_2_50CCDFC6
                            Source: orpfyhuan.5.drStatic PE information: section name: .text entropy: 6.942807469325693
                            Source: olu.11.drStatic PE information: section name: .text entropy: 6.942807469325693
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\orpfyhuanJump to dropped file
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeFile created: C:\Users\user\AppData\Roaming\fr_patch_test\rtl280.bplJump to dropped file
                            Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Girlfriend\vcl280.bplJump to dropped file
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeFile created: C:\Users\user\AppData\Roaming\fr_patch_test\vcl280.bplJump to dropped file
                            Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeJump to dropped file
                            Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Girlfriend\rtl280.bplJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\oluJump to dropped file
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeFile created: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeJump to dropped file

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\ORPFYHUAN
                            Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\OLU
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62086 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62086
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62264
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62265 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62265
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62266 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62266
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62268 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62268
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62269 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62269
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62271 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62271
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62272 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62272
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62273 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62273
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62274 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62274
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62276 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62276
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62277 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62277
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62278 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62278
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62279 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62279
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62280 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62280
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62282 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62282
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62284 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62284
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62285 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62285
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62286 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62286
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62287 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62287
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62288 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62288
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62289 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62289
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62290 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62290
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62291 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62291
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62292 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62292
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62293 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62293
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62294 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62294
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62295 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62295
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62296 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62296
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62297 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62297
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62298 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62298
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62299 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62299
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62300 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62300
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62301 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62301
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62302 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62302
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62303 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62303
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62304 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62304
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62305 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62305
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62306 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62306
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62307 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62307
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62308 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62308
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62310 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62310
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62311 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62311
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62312 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62312
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62313 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62313
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62314 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62314
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62315 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62315
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62316 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62316
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62317 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62317
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62318 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62318
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62319 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62319
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62319
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62320 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62320
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62321 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62321
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62322 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62322
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62323 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62323
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62324 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62324
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62325 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62325
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62326 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62326
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62327 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62327
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62328 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62328
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62329 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62329
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62330 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62330
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62331 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62331
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62332 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62332
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62333 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62333
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62334 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62334
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62335 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62335
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62337 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62337
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62338 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62338
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62339 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62339
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62340 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62340
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62341 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62341
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62342 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62342
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62343 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62343
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62344 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62344
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62345 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62345
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62346 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62346
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62347 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62347
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62348 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62348
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62349 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62349
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62350 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62350
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62351 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62351
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62352 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62352
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62353 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62353
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62354 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62354
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62355 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62355
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62355
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62355
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62356 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62356
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62357 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62357
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62358 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62358
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62359 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62359
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62360 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62360
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62361 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62361
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62362 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62362
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62363 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62363
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62364 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62364
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62366 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62366
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62367 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62367
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62368 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62368
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62369 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62369
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62370 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62370
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62371 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62371
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62372 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62372
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62373 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62373
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62374 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62374
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62375 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62375
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62376 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62376
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62377 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62377
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62378 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62378
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62379 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62379
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62380 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62380
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62381 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62381
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62382 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62382
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62383 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62383
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62386 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62386
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62387 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62387
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62388 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62388
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62389 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62389
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62390 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62390
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62391 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62391
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62392 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62392
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62393 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62393
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62394 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62394
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62395 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62395
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62396 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62396
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62397 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62397
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62398 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62398
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62399 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62399
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62400 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62400
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62401 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62401
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62402 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62402
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62403 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62403
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62404 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62404
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62406 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62406
                            Source: unknownNetwork traffic detected: HTTP traffic on port 62407 -> 9000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 62407
                            Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX
                            Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOGPFAULTERRORBOX
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                            Malware Analysis System Evasion

                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeAPI/Special instruction interceptor: Address: 6D037C44
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeAPI/Special instruction interceptor: Address: 6D037C44
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exeAPI/Special instruction interceptor: Address: 6D037945
                            Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6D033B54
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1180000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2B60000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1200000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1690000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 32B0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 52B0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exeCode function: 3_2_50CB9060 sldt word ptr [eax]3_2_50CB9060
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 3926Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 5471Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\orpfyhuanJump to dropped file
                            Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\oluJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeRegistry key enumerated: More than 147 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5696Thread sleep time: -24903104499507879s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5696Thread sleep time: -180000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5696Thread sleep time: -59875s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -37797s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5696Thread sleep time: -59766s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -30722s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5696Thread sleep time: -59657s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -40111s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5696Thread sleep time: -59547s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -57088s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5696Thread sleep time: -59438s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -44302s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5696Thread sleep time: -59328s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -35695s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -38891s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -57798s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -38592s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -35706s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -59207s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -59324s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -39420s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -30622s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1336Thread sleep time: -30000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3840Thread sleep time: -1260000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -30777s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -32473s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -43946s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -34816s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -40736s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -52857s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -33220s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6008Thread sleep time: -3000000s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -54397s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -57979s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -37995s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -45828s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -41186s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -52763s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -45110s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -42423s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -44136s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -52399s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -50257s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -55798s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -50239s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -34349s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -54989s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5724Thread sleep time: -56502s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6776Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59875Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 37797Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59766Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30722Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59657Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40111Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59547Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 57088Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59438Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 44302Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59328Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 35695Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 38891Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 57798Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 38592Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 35706Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59207Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59324Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 39420Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30622Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30000Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30777Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32473Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 43946Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 34816Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40736Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 52857Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 33220Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 54397Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 57979Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 37995Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 45828Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 41186Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 52763Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 45110Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 42423Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 44136Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 52399Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 50257Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 55798Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 50239Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 34349Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 54989Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 56502Jump to behavior
                            Source: MSBuild.exe, 00000009.00000002.4590212922.0000000002EF0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                            Source: MSBuild.exe, 00000009.00000002.4590212922.0000000002EF0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                            Source: MSBuild.exe, 00000009.00000002.4590212922.0000000002EF0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                            Source: cmd.exe, 0000000B.00000002.2680407584.00000000049B8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                            Source: C:\Windows\System32\msiexec.exe; Process information queried: ProcessInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Process token adjusted: Debug
                            Source: C:\Windows\System32\msiexec.exe; Process created: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe "C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe"
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Memory allocated: page read and write | page guard

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe; NtProtectVirtualMemory: Direct from: 0x6CFC2BAD
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe; NtProtectVirtualMemory: Direct from: 0x6CFB3892
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe; NtQuerySystemInformation: Direct from: 0x50CB71C0
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe; NtProtectVirtualMemory: Direct from: 0x77377B2E
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe; Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                            Source: C:\Windows\SysWOW64\cmd.exe; Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read write
                            Source: C:\Windows\SysWOW64\cmd.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6B5A1000
                            Source: C:\Windows\SysWOW64\cmd.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 922008
                            Source: C:\Windows\SysWOW64\cmd.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 1150008
                            Source: C:\Users\user\AppData\Roaming\fr_patch_test\RoboTaskLite.exe; Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: C:\Windows\System32\msiexec.exe; Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\cmd.exe; Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            Source: Yara match File source: 5.2.cmd.exe.5d200c8.8.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.cmd.exe.5d200c8.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 11.2.cmd.exe.4fa00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 16.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 11.2.cmd.exe.4fa00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000010.00000002.2680031617.0000000001302000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 0000000B.00000002.2680862100.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000005.00000002.2464520106.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 1056, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 2620, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5768, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\orpfyhuan, type: DROPPED
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\olu, type: DROPPED
                            Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5672, type: MEMORYSTR
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic\
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Guarda\
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                            Source: Yara match File source: 5.2.cmd.exe.5d200c8.8.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.cmd.exe.5d200c8.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 11.2.cmd.exe.4fa00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 16.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 11.2.cmd.exe.4fa00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000010.00000002.2680031617.0000000001302000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 0000000B.00000002.2680862100.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000005.00000002.2464520106.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 1056, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5672, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 2620, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5768, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\orpfyhuan, type: DROPPED
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\olu, type: DROPPED

                            Remote Access Functionality

                            Source: Yara match File source: 5.2.cmd.exe.5d200c8.8.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.cmd.exe.5d200c8.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 11.2.cmd.exe.4fa00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 16.2.MSBuild.exe.1300000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 11.2.cmd.exe.4fa00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000010.00000002.2680031617.0000000001302000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 0000000B.00000002.2680862100.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000005.00000002.2464520106.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 1056, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 2620, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5768, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\orpfyhuan, type: DROPPED
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\olu, type: DROPPED
                            Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5672, type: MEMORYSTR
                            Source: C:\Users\user\AppData\Local\Girlfriend\RoboTaskLite.exe Code function: 3_2_50CB8080 @Vcl@Consts@_SInvalidTabIndex,@Vcl@Consts@_SInvalidTabStyle,@Vcl@Consts@_SInvalidBitmap, 3_2_50CB8080
                            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                            Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                            Execution: 221 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                            Persistence: 11 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                            Privilege Escalation: 1 Abuse Elevation Control Mechanism; 11 DLL Side-Loading; 211 Process Injection; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                            Defense Evasion: 11 Disable or Modify Tools; 1 Abuse Elevation Control Mechanism; 3 Obfuscated Files or Information; 1 Software Packing; 11 DLL Side-Loading; 1 File Deletion; 21 Masquerading; 251 Virtualization/Sandbox Evasion; 211 Process Injection
                            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                            Discovery: 11 Peripheral Device Discovery; 1 File and Directory Discovery; 224 System Information Discovery; 421 Security Software Discovery; 11 Process Discovery; 251 Virtualization/Sandbox Evasion; 1 Application Window Discovery; System Owner/User Discovery; Network Sniffing
                            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                            Collection: 1 Archive Collected Data; 2 Data from Local System; 2 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                            Command and Control: 1 Ingress Tool Transfer; 22 Encrypted Channel; 11 Non-Standard Port; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                            Behavior Graph ID: 1624701 Sample: PMLQRJIN.msi Startdate: 26/02/2025 Architecture: WINDOWS Score: 100
                            Signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 6 other signatures

                            • msiexec.exe 79 39 (started)
                                dropped: C:\Users\user\AppData\Local\...\vcl280.bpl, PE32
                                dropped: C:\Users\user\AppData\Local\...\rtl280.bpl, PE32
                                dropped: C:\Users\user\AppData\...\RoboTaskLite.exe, PE32
                              • RoboTaskLite.exe 6 (started)
                                  dropped: C:\Users\user\AppData\Roaming\...\vcl280.bpl, PE32
                                  dropped: C:\Users\user\AppData\Roaming\...\rtl280.bpl, PE32
                                  dropped: C:\Users\user\AppData\...\RoboTaskLite.exe, PE32
                                  signature: Switches to a custom stack to bypass stack traces
                                  signature: Found direct / indirect Syscall (likely to bypass EDR)
                                • RoboTaskLite.exe 1 (started)
                                    signature: Maps a DLL or memory area into another process
                                    signature: Switches to a custom stack to bypass stack traces
                                    signature: Found direct / indirect Syscall (likely to bypass EDR)
                                  • cmd.exe 4 (started)
                                      dropped: C:\Users\user\AppData\Local\Temp\orpfyhuan, PE32
                                      signature: Writes to foreign memory regions
                                      signature: Found hidden mapped module (file has been removed from disk)
                                      signature: Maps a DLL or memory area into another process
                                      signature: Switches to a custom stack to bypass stack traces
                                    • MSBuild.exe 15 40 (started)
                                        DNS/IP: 92.255.85.23, 15847, 62067, 62086 SOVTEL-ASRU Russian Federation
                                        dropped: C:\Users\user\AppData\...\Secure Preferences, JSON
                                        signature: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                                        signature: Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                                        signature: Tries to harvest and steal browser information (history, passwords, etc)
                                        signature: Tries to steal Crypto Currency Wallets
                                    • conhost.exe (started)
                            • RoboTaskLite.exe 1 (started)
                                signature: Maps a DLL or memory area into another process
                                signature: Found direct / indirect Syscall (likely to bypass EDR)
                              • cmd.exe (started)
                                  dropped: C:\Users\user\AppData\Local\Temp\olu, PE32
                                  signature: Writes to foreign memory regions
                                  signature: Maps a DLL or memory area into another process
                                • MSBuild.exe 1 (started)
                                • conhost.exe (started)
                            • msiexec.exe 3 (started)
