Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
AUpdate.exe (3).zip

Overview

General Information

Sample name:AUpdate.exe (3).zip
Analysis ID:1624737
MD5:5a08f70bad9c294ddf25c29e296bf44b
SHA1:03b70e93a9bea9cb0fe209f142dc344dd4b94100
SHA256:8ac67c9e10ab6d7bddcb64f4d9ac4d7d2b14767c090118c0939cad796c2ab22a
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
Connects to many ports of the same IP (likely port scanning)
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Maps a DLL or memory area into another process
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 3784 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • AUpdate.exe (PID: 6372 cmdline: "C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe" MD5: 835B7CD3E19480F02C8D3C348D4722BC)
    • AUpdate.exe (PID: 6396 cmdline: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe MD5: 835B7CD3E19480F02C8D3C348D4722BC)
      • cmd.exe (PID: 6420 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • MSBuild.exe (PID: 7160 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bplJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
    C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bplJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
      C:\Users\user\AppData\Local\Temp\ltsJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        C:\Users\user\AppData\Local\Temp\ltsJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          C:\Users\user\AppData\Local\Temp\ltsMALWARE_Win_Arechclient2Detects Arechclient2 RATditekSHen
          • 0xb5026:$s14: keybd_event
          • 0xbbf88:$v1_1: grabber@
          • 0xb5be2:$v1_2: <BrowserProfile>k__
          • 0xb666f:$v1_3: <SystemHardwares>k__
          • 0xb672e:$v1_5: <ScannedWallets>k__
          • 0xb67be:$v1_6: <DicrFiles>k__
          • 0xb679a:$v1_7: <MessageClientFiles>k__
          • 0xb6b64:$v1_8: <ScanBrowsers>k__BackingField
          • 0xb6bb6:$v1_8: <ScanWallets>k__BackingField
          • 0xb6bd3:$v1_8: <ScanScreen>k__BackingField
          • 0xb6c0d:$v1_8: <ScanVPN>k__BackingField
          • 0xa8542:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
          • 0xa7e4e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
          Click to see the 1 entries

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          00000008.00000002.1414355644.0000000050001000.00000020.00000001.01000000.00000005.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
            0000000A.00000002.1706747917.0000000005990000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              0000000A.00000002.1706747917.0000000005990000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                00000012.00000002.2479370506.0000000000F02000.00000002.00000001.01000000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  00000012.00000002.2479370506.0000000000F02000.00000002.00000001.01000000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-26T14:04:53.846089+010020522481A Network Trojan was detected192.168.2.174994692.255.85.369000TCP
                    2025-02-26T14:04:54.667993+010020522481A Network Trojan was detected192.168.2.174995292.255.85.369000TCP
                    2025-02-26T14:04:55.477411+010020522481A Network Trojan was detected192.168.2.174995892.255.85.369000TCP
                    2025-02-26T14:04:56.290268+010020522481A Network Trojan was detected192.168.2.174996392.255.85.369000TCP
                    2025-02-26T14:04:57.102826+010020522481A Network Trojan was detected192.168.2.174996892.255.85.369000TCP
                    2025-02-26T14:04:57.895717+010020522481A Network Trojan was detected192.168.2.174997292.255.85.369000TCP
                    2025-02-26T14:04:58.816811+010020522481A Network Trojan was detected192.168.2.174997792.255.85.369000TCP
                    2025-02-26T14:04:59.618643+010020522481A Network Trojan was detected192.168.2.174998292.255.85.369000TCP
                    2025-02-26T14:05:00.425996+010020522481A Network Trojan was detected192.168.2.174998992.255.85.369000TCP
                    2025-02-26T14:05:01.228534+010020522481A Network Trojan was detected192.168.2.174999192.255.85.369000TCP
                    2025-02-26T14:05:02.311694+010020522481A Network Trojan was detected192.168.2.174999292.255.85.369000TCP
                    2025-02-26T14:05:03.104439+010020522481A Network Trojan was detected192.168.2.174999392.255.85.369000TCP
                    2025-02-26T14:05:03.899660+010020522481A Network Trojan was detected192.168.2.174999492.255.85.369000TCP
                    2025-02-26T14:05:04.702768+010020522481A Network Trojan was detected192.168.2.174999592.255.85.369000TCP
                    2025-02-26T14:05:05.697900+010020522481A Network Trojan was detected192.168.2.174999692.255.85.369000TCP
                    2025-02-26T14:05:06.488175+010020522481A Network Trojan was detected192.168.2.174999792.255.85.369000TCP
                    2025-02-26T14:05:07.290362+010020522481A Network Trojan was detected192.168.2.174999892.255.85.369000TCP
                    2025-02-26T14:05:08.099006+010020522481A Network Trojan was detected192.168.2.174999992.255.85.369000TCP
                    2025-02-26T14:05:08.923056+010020522481A Network Trojan was detected192.168.2.175000092.255.85.369000TCP
                    2025-02-26T14:05:09.714699+010020522481A Network Trojan was detected192.168.2.175000192.255.85.369000TCP
                    2025-02-26T14:05:10.512594+010020522481A Network Trojan was detected192.168.2.175000292.255.85.369000TCP
                    2025-02-26T14:05:11.328077+010020522481A Network Trojan was detected192.168.2.175000392.255.85.369000TCP
                    2025-02-26T14:05:12.125510+010020522481A Network Trojan was detected192.168.2.175000492.255.85.369000TCP
                    2025-02-26T14:05:12.926107+010020522481A Network Trojan was detected192.168.2.175000592.255.85.369000TCP
                    2025-02-26T14:05:13.733336+010020522481A Network Trojan was detected192.168.2.175000692.255.85.369000TCP
                    2025-02-26T14:05:14.523124+010020522481A Network Trojan was detected192.168.2.175000792.255.85.369000TCP
                    2025-02-26T14:05:15.322328+010020522481A Network Trojan was detected192.168.2.175000892.255.85.369000TCP
                    2025-02-26T14:05:16.223621+010020522481A Network Trojan was detected192.168.2.175000992.255.85.369000TCP
                    2025-02-26T14:05:17.017132+010020522481A Network Trojan was detected192.168.2.175001092.255.85.369000TCP
                    2025-02-26T14:05:17.854922+010020522481A Network Trojan was detected192.168.2.175001192.255.85.369000TCP
                    2025-02-26T14:05:18.673680+010020522481A Network Trojan was detected192.168.2.175001292.255.85.369000TCP
                    2025-02-26T14:05:19.500902+010020522481A Network Trojan was detected192.168.2.175001392.255.85.369000TCP
                    2025-02-26T14:05:20.293445+010020522481A Network Trojan was detected192.168.2.175001492.255.85.369000TCP
                    2025-02-26T14:05:21.096544+010020522481A Network Trojan was detected192.168.2.175001592.255.85.369000TCP
                    2025-02-26T14:05:21.912204+010020522481A Network Trojan was detected192.168.2.175001692.255.85.369000TCP
                    2025-02-26T14:05:22.717678+010020522481A Network Trojan was detected192.168.2.175001792.255.85.369000TCP
                    2025-02-26T14:05:23.559030+010020522481A Network Trojan was detected192.168.2.175001892.255.85.369000TCP
                    2025-02-26T14:05:24.379516+010020522481A Network Trojan was detected192.168.2.175001992.255.85.369000TCP
                    2025-02-26T14:05:25.183133+010020522481A Network Trojan was detected192.168.2.175002092.255.85.369000TCP
                    2025-02-26T14:05:25.992555+010020522481A Network Trojan was detected192.168.2.175002192.255.85.369000TCP
                    2025-02-26T14:05:27.084065+010020522481A Network Trojan was detected192.168.2.175002292.255.85.369000TCP
                    2025-02-26T14:05:27.941873+010020522481A Network Trojan was detected192.168.2.175002392.255.85.369000TCP
                    2025-02-26T14:05:28.734928+010020522481A Network Trojan was detected192.168.2.175002492.255.85.369000TCP
                    2025-02-26T14:05:29.523529+010020522481A Network Trojan was detected192.168.2.175002592.255.85.369000TCP
                    2025-02-26T14:05:30.356145+010020522481A Network Trojan was detected192.168.2.175002692.255.85.369000TCP
                    2025-02-26T14:05:31.170421+010020522481A Network Trojan was detected192.168.2.175002792.255.85.369000TCP
                    2025-02-26T14:05:31.974349+010020522481A Network Trojan was detected192.168.2.175002892.255.85.369000TCP
                    2025-02-26T14:05:32.889903+010020522481A Network Trojan was detected192.168.2.175002992.255.85.369000TCP
                    2025-02-26T14:05:33.715966+010020522481A Network Trojan was detected192.168.2.175003092.255.85.369000TCP
                    2025-02-26T14:05:34.517890+010020522481A Network Trojan was detected192.168.2.175003192.255.85.369000TCP
                    2025-02-26T14:05:35.409761+010020522481A Network Trojan was detected192.168.2.175003292.255.85.369000TCP
                    2025-02-26T14:05:36.204277+010020522481A Network Trojan was detected192.168.2.175003392.255.85.369000TCP
                    2025-02-26T14:05:36.998645+010020522481A Network Trojan was detected192.168.2.175003492.255.85.369000TCP
                    2025-02-26T14:05:37.798459+010020522481A Network Trojan was detected192.168.2.175003592.255.85.369000TCP
                    2025-02-26T14:05:38.593523+010020522481A Network Trojan was detected192.168.2.175003692.255.85.369000TCP
                    2025-02-26T14:05:39.396246+010020522481A Network Trojan was detected192.168.2.175003792.255.85.369000TCP
                    2025-02-26T14:05:40.204169+010020522481A Network Trojan was detected192.168.2.175003892.255.85.369000TCP
                    2025-02-26T14:05:41.016117+010020522481A Network Trojan was detected192.168.2.175003992.255.85.369000TCP
                    2025-02-26T14:05:41.823609+010020522481A Network Trojan was detected192.168.2.175004092.255.85.369000TCP
                    2025-02-26T14:05:42.630391+010020522481A Network Trojan was detected192.168.2.175004192.255.85.369000TCP
                    2025-02-26T14:05:43.488602+010020522481A Network Trojan was detected192.168.2.175004292.255.85.369000TCP
                    2025-02-26T14:05:44.279347+010020522481A Network Trojan was detected192.168.2.175004392.255.85.369000TCP
                    2025-02-26T14:05:45.083740+010020522481A Network Trojan was detected192.168.2.175004492.255.85.369000TCP
                    2025-02-26T14:05:45.882027+010020522481A Network Trojan was detected192.168.2.175004592.255.85.369000TCP
                    2025-02-26T14:05:46.682443+010020522481A Network Trojan was detected192.168.2.175004692.255.85.369000TCP
                    2025-02-26T14:05:47.492514+010020522481A Network Trojan was detected192.168.2.175004792.255.85.369000TCP
                    2025-02-26T14:05:48.293439+010020522481A Network Trojan was detected192.168.2.175004892.255.85.369000TCP
                    2025-02-26T14:05:49.114254+010020522481A Network Trojan was detected192.168.2.175004992.255.85.369000TCP
                    2025-02-26T14:05:49.923777+010020522481A Network Trojan was detected192.168.2.175005092.255.85.369000TCP
                    2025-02-26T14:05:50.798407+010020522481A Network Trojan was detected192.168.2.175005192.255.85.369000TCP
                    2025-02-26T14:05:51.606573+010020522481A Network Trojan was detected192.168.2.175005292.255.85.369000TCP
                    2025-02-26T14:05:52.407102+010020522481A Network Trojan was detected192.168.2.175005392.255.85.369000TCP
                    2025-02-26T14:05:53.191939+010020522481A Network Trojan was detected192.168.2.175005492.255.85.369000TCP
                    2025-02-26T14:05:53.998593+010020522481A Network Trojan was detected192.168.2.175005592.255.85.369000TCP
                    2025-02-26T14:05:54.917827+010020522481A Network Trojan was detected192.168.2.175005692.255.85.369000TCP
                    2025-02-26T14:05:55.718812+010020522481A Network Trojan was detected192.168.2.175005792.255.85.369000TCP
                    2025-02-26T14:05:56.517474+010020522481A Network Trojan was detected192.168.2.175005892.255.85.369000TCP
                    2025-02-26T14:05:57.329217+010020522481A Network Trojan was detected192.168.2.175005992.255.85.369000TCP
                    2025-02-26T14:05:58.132650+010020522481A Network Trojan was detected192.168.2.175006092.255.85.369000TCP
                    2025-02-26T14:05:58.935690+010020522481A Network Trojan was detected192.168.2.175006192.255.85.369000TCP
                    2025-02-26T14:05:59.733820+010020522481A Network Trojan was detected192.168.2.175006292.255.85.369000TCP
                    2025-02-26T14:06:00.541214+010020522481A Network Trojan was detected192.168.2.175006392.255.85.369000TCP
                    2025-02-26T14:06:01.357561+010020522481A Network Trojan was detected192.168.2.175006492.255.85.369000TCP
                    2025-02-26T14:06:02.169141+010020522481A Network Trojan was detected192.168.2.175006592.255.85.369000TCP
                    2025-02-26T14:06:02.961849+010020522481A Network Trojan was detected192.168.2.175006692.255.85.369000TCP
                    2025-02-26T14:06:03.764774+010020522481A Network Trojan was detected192.168.2.175006792.255.85.369000TCP
                    2025-02-26T14:06:04.567464+010020522481A Network Trojan was detected192.168.2.175006892.255.85.369000TCP
                    2025-02-26T14:06:05.370003+010020522481A Network Trojan was detected192.168.2.175006992.255.85.369000TCP
                    2025-02-26T14:06:06.186064+010020522481A Network Trojan was detected192.168.2.175007092.255.85.369000TCP
                    2025-02-26T14:06:06.988457+010020522481A Network Trojan was detected192.168.2.175007192.255.85.369000TCP
                    2025-02-26T14:06:07.840876+010020522481A Network Trojan was detected192.168.2.175007292.255.85.369000TCP
                    2025-02-26T14:06:08.647522+010020522481A Network Trojan was detected192.168.2.175007592.255.85.369000TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-02-26T14:04:55.477411+010028033053Unknown Traffic192.168.2.174995892.255.85.369000TCP
                    2025-02-26T14:05:07.290362+010028033053Unknown Traffic192.168.2.174999892.255.85.369000TCP
                    2025-02-26T14:05:09.714699+010028033053Unknown Traffic192.168.2.175000192.255.85.369000TCP
                    2025-02-26T14:05:13.733336+010028033053Unknown Traffic192.168.2.175000692.255.85.369000TCP
                    2025-02-26T14:05:20.293445+010028033053Unknown Traffic192.168.2.175001492.255.85.369000TCP
                    2025-02-26T14:05:24.379516+010028033053Unknown Traffic192.168.2.175001992.255.85.369000TCP
                    2025-02-26T14:05:53.998593+010028033053Unknown Traffic192.168.2.175005592.255.85.369000TCP
                    2025-02-26T14:05:54.917827+010028033053Unknown Traffic192.168.2.175005692.255.85.369000TCP
                    2025-02-26T14:05:56.517474+010028033053Unknown Traffic192.168.2.175005892.255.85.369000TCP
                    2025-02-26T14:06:01.357561+010028033053Unknown Traffic192.168.2.175006492.255.85.369000TCP
                    2025-02-26T14:06:03.764774+010028033053Unknown Traffic192.168.2.175006792.255.85.369000TCP
                    2025-02-26T14:06:06.988457+010028033053Unknown Traffic192.168.2.175007192.255.85.369000TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\ltsAvira: detection malicious, Label: HEUR/AGEN.1307453
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\ltsVirustotal: Detection: 70%Perma Link

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49946 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49968 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49977 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49989 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49992 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49972 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49958 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49982 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49952 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49963 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49991 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49993 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49994 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49995 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49999 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49996 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49997 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:49998 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50002 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50003 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50006 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50000 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50004 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50005 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50001 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50007 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50009 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50008 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50012 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50014 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50013 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50016 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50015 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50010 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50011 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50018 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50020 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50017 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50021 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50019 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50022 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50024 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50025 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50026 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50027 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50029 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50028 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50030 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50033 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50034 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50031 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50023 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50032 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50035 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50036 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50039 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50040 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50037 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50038 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50041 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50042 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50043 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50044 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50045 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50046 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50048 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50049 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50047 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50050 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50053 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50055 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50052 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50051 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50057 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50058 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50061 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50063 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50062 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50056 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50060 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50054 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50059 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50065 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50066 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50064 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50068 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50069 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50067 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50071 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50075 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50072 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.17:50070 -> 92.255.85.36:9000
                    Connects to many ports of the same IP (likely port scanning)
                    Source: global trafficTCP traffic: 92.255.85.36 ports 9000,1,4,5,7,8,15847
                    Uses known network protocols on non-standard ports
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49946
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49952
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49958
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49963
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49968
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49972
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49977
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49982
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49989
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49991
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49992
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49992
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49993
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49994
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49995
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49996
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49997
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49998
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49999
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50001
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50002
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50003
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50004
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50005
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50006
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50007
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50008
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50009
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50010
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50011
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50012
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50013
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50014
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50015
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50016
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50017
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50018
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50019
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50020
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50021
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50022
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50023
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50024
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50025
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50026
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50027
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50028
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50029
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50030
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50031
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50032
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50033
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50034
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50035
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50036
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50037
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50038
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50039
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50040
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50041
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50042
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50043
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50044
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50045
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50046
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50047
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50048
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50049
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50050
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50051
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50052
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50053
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50054
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50055
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50056
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50057
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50058
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50059
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50060
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50061
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50062
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50063
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50064
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50065
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50066
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50067
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50068
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50069
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50070
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50071
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50072
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50075
                    Source: global trafficTCP traffic: 192.168.2.17:49930 -> 92.255.85.36:15847
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:49958 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:49998 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50006 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50001 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50014 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50019 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50055 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50058 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50056 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50064 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50067 -> 92.255.85.36:9000
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50071 -> 92.255.85.36:9000
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: unknownTCP traffic detected without corresponding DNS query: 92.255.85.36
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA HTTP/1.1Host: 92.255.85.36:9000Connection: Keep-Alive
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: C:\Users\user\AppData\Local\Temp\lts, type: DROPPEDMatched rule: Detects Arechclient2 RAT Author: ditekSHen
                    Source: C:\Users\user\AppData\Local\Temp\lts, type: DROPPEDMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winZIP@9/13@0/9
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\5c8947d1385c4e608aa7a0853c65418d
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\e587f879
                    Source: Yara matchFile source: 00000008.00000002.1414355644.0000000050001000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bpl, type: DROPPED
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Users\desktop.ini
                    Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    Source: unknownProcess created: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe "C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe"
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeProcess created: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeProcess created: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: version.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: version.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: mpr.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: wsock32.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: oleacc.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: wsock32.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: version.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: msimg32.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: oledlg.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: dbghelp.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: pla.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: pdh.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: tdh.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: cabinet.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: wevtapi.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: shdocvw.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: mpr.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: wsock32.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: oleacc.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: wsock32.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: msimg32.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: oledlg.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: dbghelp.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: pla.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: pdh.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: tdh.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: cabinet.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: wevtapi.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: shdocvw.dll
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: winhttp.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: linkinfo.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntshrui.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cscapi.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bitsproxy.dll
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                    Source: AUpdate.exe (3).zipStatic file information: File size 3208495 > 1048576
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\madbasic_.bplJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\madexcept_.bplJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bplJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\maddisAsm_.bplJump to dropped file
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\ltsJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\vcl120.bplJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\madbasic_.bplJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\maddisAsm_.bplJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\madexcept_.bplJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bplJump to dropped file
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeFile created: C:\Users\user\AppData\Roaming\updateprotect_v3\vcl120.bplJump to dropped file
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\ltsJump to dropped file

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Found hidden mapped module (file has been removed from disk)
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LTS
                    Uses known network protocols on non-standard ports
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49946
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49952
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49958
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49963
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49968
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49972
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49977
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49982
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49989
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49991
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49992
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49992
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49993
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49994
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49995
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49996
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49997
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49998
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49999
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50001
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50002
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50003
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50004
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50005
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50006
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50007
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50008
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50009
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50010
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50011
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50012
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50013
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50014
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50015
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50016
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50017
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50018
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50019
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50020
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50021
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50022
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50023
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50024
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50025
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50026
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50027
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50028
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50029
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50030
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50031
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50032
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50033
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50034
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50035
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50036
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50037
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50038
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50039
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50040
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50041
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50042
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50043
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50044
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50045
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50046
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50047
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50048
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50049
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50050
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50051
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50052
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50053
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50054
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50055
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50056
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50057
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50058
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50059
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50060
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50061
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50062
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50063
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50064
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50065
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50066
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50067
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50068
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50069
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50070
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50071
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50072
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 9000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50075
                    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Switches to a custom stack to bypass stack traces
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeAPI/Special instruction interceptor: Address: 6C6D7C44
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeAPI/Special instruction interceptor: Address: 6C6D7C44
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeAPI/Special instruction interceptor: Address: 6C6D7945
                    Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6C6D3B54
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1650000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 3020000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 5020000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 2980
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 9710
                    Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ltsJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -2767011611056431s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -60000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -57618s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -59888s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5104Thread sleep count: 2980 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -59776s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -59664s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -43796s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -59552s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -37820s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -59440s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -59329s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -35437s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -46474s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -42835s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -39251s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -49432s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 2984Thread sleep time: -30000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3132Thread sleep time: -720000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -59729s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -48074s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5840Thread sleep time: -4611686018427385s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5104Thread sleep count: 9710 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -42945s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -32068s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 2232Thread sleep time: -1800000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -37268s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -40282s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -42831s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -36644s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -44848s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -52454s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -45675s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -55531s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -40953s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -33346s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -45688s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -51716s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -41562s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -51956s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7164Thread sleep time: -51441s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 57618
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59888
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59776
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59664
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 43796
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59552
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 37820
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59440
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59329
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 35437
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 46474
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 42835
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 39251
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 49432
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59729
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 48074
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 42945
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32068
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 37268
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40282
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 42831
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 36644
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 44848
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 52454
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 45675
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 55531
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40953
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 33346
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 45688
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 51716
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 41562
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 51956
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 51441
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeProcess information queried: ProcessInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Found direct / indirect Syscall (likely to bypass EDR)
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeNtQuerySystemInformation: Direct from: 0x772C63E1
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeNtSetInformationThread: Direct from: 0x59805142
                    Source: C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exeNtProtectVirtualMemory: Direct from: 0x772C7B2E
                    Maps a DLL or memory area into another process
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read write
                    Writes to foreign memory regions
                    Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6B3C1000
                    Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: DFD008
                    Source: C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: 0000000A.00000002.1706747917.0000000005990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\lts, type: DROPPED
                    Source: Yara matchFile source: 00000012.00000002.2479370506.0000000000F02000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                    Source: Yara matchFile source: 0000000A.00000002.1706747917.0000000005990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\lts, type: DROPPED
                    Source: Yara matchFile source: 00000012.00000002.2479370506.0000000000F02000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: 0000000A.00000002.1706747917.0000000005990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\lts, type: DROPPED
                    Source: Yara matchFile source: 00000012.00000002.2479370506.0000000000F02000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                    Windows Management Instrumentation                    		11
                    DLL Side-Loading                    		211
                    Process Injection                    		11
                    Masquerading                    		1
                    OS Credential Dumping                    		42
                    Security Software Discovery                    		Remote Services2
                    Data from Local System                    		2
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                    Abuse Elevation Control Mechanism                    		1
                    Disable or Modify Tools                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop ProtocolData from Removable Media11
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)11
                    DLL Side-Loading                    		241
                    Virtualization/Sandbox Evasion                    		Security Account Manager241
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive1
                    Ingress Tool Transfer                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook211
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput Capture1
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Abuse Elevation Control Mechanism                    		LSA Secrets1
                    File and Directory Discovery                    		SSHKeylogging2
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Rundll32                    		Cached Domain Credentials213
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                    DLL Side-Loading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    No Antivirus matches

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe4%ReversingLabs
                    C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe1%VirustotalBrowse
                    C:\Users\user\AppData\Roaming\updateprotect_v3\madbasic_.bpl0%ReversingLabs
                    C:\Users\user\AppData\Roaming\updateprotect_v3\madbasic_.bpl3%VirustotalBrowse
                    C:\Users\user\AppData\Roaming\updateprotect_v3\maddisAsm_.bpl3%ReversingLabs
                    C:\Users\user\AppData\Roaming\updateprotect_v3\maddisAsm_.bpl1%VirustotalBrowse
                    C:\Users\user\AppData\Roaming\updateprotect_v3\madexcept_.bpl3%ReversingLabs
                    C:\Users\user\AppData\Roaming\updateprotect_v3\madexcept_.bpl4%VirustotalBrowse
                    C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bpl3%ReversingLabs
                    C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bpl1%VirustotalBrowse
                    C:\Users\user\AppData\Roaming\updateprotect_v3\vcl120.bpl3%ReversingLabs
                    C:\Users\user\AppData\Roaming\updateprotect_v3\vcl120.bpl1%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\lts100%AviraHEUR/AGEN.1307453
                    C:\Users\user\AppData\Local\Temp\lts71%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://92.255.85.36:9000/wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://92.255.85.36:9000/wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDAtrue
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    92.255.85.36
                    		unknownRussian Federation
                    		42097SOVTEL-ASRUtrue

                    General Information

                    Joe Sandbox version:42.0.0 Malachite
                    Analysis ID:1624737
                    Start date and time:2025-02-26 14:03:17 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:22
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    Analysis Mode:stream
                    Analysis stop reason:Timeout
                    Sample name:AUpdate.exe (3).zip
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winZIP@9/13@0/9
                    Cookbook Comments:
                    • Found application associated with file extension: .zip

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe
                    • Excluded IPs from analysis (whitelisted): 4.245.163.56
                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, fe3cr.delivery.mp.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • VT rate limit hit for: http://92.255.85.36:9000/wbinjget?q=6E405FD3B8CC7CC88F386BC215841DDA

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Temp\e587f879

                    Download File
                    Process:C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):1505018
                    Entropy (8bit):7.747369148969085
                    Encrypted:false
                    SSDEEP:
                    MD5:10DD1176D2242A6EE0E50E7F274B68EF
                    SHA1:E57B9A60D833304C9AB52325ED24CDEA1A1242D4
                    SHA-256:F585BF5866F6500DD517E7780D54B55F46D6EB71E3C5CF1DD5E8EA1BBFCE5EBB
                    SHA-512:EE58E7CF0595DB33763C2A23A7D11FDE9F2052F4A04B99D9CAC0C8AD22D7598A752FDD7F62E9BEA0ECE0A5F87F4CFD700837ABFF4DD8DA41360C9F4EF715F3FD
                    Malicious:false
                    Reputation:unknown
                    Preview:i&..k&..j&..j&..k&..N&..~&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..OgY..g].OzD..Tf..@}.=Og..Qz.9Rh...D..SU..In..Kz.9Rh..Sy.j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..)I@..R`..Os./^..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..)IJ..G}.#Hz..Hj.j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..Oq@..o[.6k`..Iz..R'./rU..Gd..I{.j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..j&....'.D.9.X...j&..j&..j&..j&..j&..j&..j&..j&..j&..j&..

                    C:\Users\user\AppData\Local\Temp\lts

                    Download File
                    Process:C:\Windows\SysWOW64\cmd.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:modified
                    Size (bytes):773632
                    Entropy (8bit):6.932622068468904
                    Encrypted:false
                    SSDEEP:
                    MD5:B31B4CA2C2307C7042D17123A073655A
                    SHA1:2A3B070FE6D5F3DD171112CD549DFFD89F6E7DA3
                    SHA-256:D869DBF1DB938CAF1DC01CAA512125DACF7A866C065F81FC89572CAF26618143
                    SHA-512:4CCB76D83FEA917276655886A11F545BD2CD1A03947AE832527A8BB0EC475BA92CD46DDC4E993EA5FBA6329007AE019F1D95E3F6F494CDE4FBBA7D10198B739B
                    Malicious:true
                    Yara Hits:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\lts, Author: Joe Security
                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\lts, Author: Joe Security
                    • Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\lts, Author: ditekSHen
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Virustotal, Detection: 71%, Browse
                    Reputation:unknown
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...jD.V............................^.... ........@.. .......................@..................................................K............................ ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H.......,....>...........................................................0............ ....X...%-.&so...sp...}-..... ....X.~(.... ....Y.).... .....7...%.....~'.... ....Y.)....sq...~(.... ....Y.)....or.........%.~s.... ....X .... "...a~s.....dX(.....%.~(.... ....Y.)......~(.... ....Y.)....~0...%-.&~/.........st...%.0...(...+}....*..0........... ....X..{M...*..0............(..... .p..Y. ...@\...\a..Z3.+.~s.... .M..X+2~...... ....^ ...l_.3.+. 4.rc H:;..+.~s.... ...X..#.......@.

                    C:\Users\user\AppData\Local\Temp\tmpCC04.tmp

                    Download File
                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                    Category:dropped
                    Size (bytes):20480
                    Entropy (8bit):0.8475261981921455
                    Encrypted:false
                    SSDEEP:
                    MD5:D6705398A4AC8C7CFAA1D04AA2CC8978
                    SHA1:848E9BD1900B5D8142160642F35D6C4E4A33804F
                    SHA-256:9C65540845E3870A1447EE1EC5B7F62A368BE68434C73CBAFC7D5DDFDBC4CE79
                    SHA-512:6A511D38A67D7033E735C93950233199E6D8BB9D79CA74CADFA54B201CDF36DE23BDBCD3DA4A05EDF378738BF5D97D25A2E599E9904CF8CF5C3FD440BE776347
                    Malicious:false
                    Reputation:unknown
                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpEAA6.tmp

                    Download File
                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                    Category:dropped
                    Size (bytes):20480
                    Entropy (8bit):0.6732424250451717
                    Encrypted:false
                    SSDEEP:
                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                    Malicious:false
                    Reputation:unknown
                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\uiqnkowx

                    Download File
                    Process:C:\Windows\SysWOW64\cmd.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Feb 26 12:04:19 2025, mtime=Wed Feb 26 12:04:20 2025, atime=Mon Feb 24 17:19:00 2025, length=759040, window=hide
                    Category:dropped
                    Size (bytes):920
                    Entropy (8bit):4.9969040923711745
                    Encrypted:false
                    SSDEEP:
                    MD5:CD561CC9821C1A0E5D52F458EFA11EBB
                    SHA1:424B9586FC4405759623EF856E7B5C11C588CC0B
                    SHA-256:71D5284992AA9146B4F654BF2EAF2A19EA2749A0DECD23A46DEE2CDE6ED2ADAB
                    SHA-512:1C4A67B79D9B17A9FCEC3D98550404EB8298F610A14E8CF38DB88A837AB4F5A0F5DF00B75330D8BBF00C3997F0476D2D39A0F45B6CBBDCE2EF4082B1DAE036F2
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.... ....0..N.......N....BV..............................:..DG..Yr?.D..U..k0.&...&......&..9.......N.......N.......t...CFSF..1.....FWtM..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FWtMZZoh.....Y.....................?@.A.p.p.D.a.t.a...B.V.1.....ZZ.h..Roaming.@......FWtMZZ.h.....Y........................R.o.a.m.i.n.g.....j.1.....ZZ.h..UPDATE~1..R......ZZ.hZZ.h....[.......................).u.p.d.a.t.e.p.r.o.t.e.c.t._.v.3.....b.2.....XZ`. .AUpdate.exe.H......ZZ.hZZ.h....].........................A.U.p.d.a.t.e...e.x.e.......k...............-.......j............Wp......C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe..*.....\.....\.R.o.a.m.i.n.g.\.u.p.d.a.t.e.p.r.o.t.e.c.t._.v.3.\.A.U.p.d.a.t.e...e.x.e.`.......X.......878411...........hT..CrF.f4... .:..3B..../....%..hT..CrF.f4... .:..3B..../....%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                    C:\Users\user\AppData\Roaming\updateprotect_v3\AUpdate.exe

                    Download File
                    Process:C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):759040
                    Entropy (8bit):6.459881601877314
                    Encrypted:false
                    SSDEEP:
                    MD5:835B7CD3E19480F02C8D3C348D4722BC
                    SHA1:42DAA8E667CAB65BE81C02D163411DC9C72CB340
                    SHA-256:4D6B7A98913BD518C5D86EDE3F5C9818B06DCDD9CD2EC53ADE90EAEDF5BB64B2
                    SHA-512:9002BB180E888F47953CA204461D778804C95913D02A36FEC333E67F18042719DEE1A53B61579AD5A3DD8A313AB8D9365569A0D8871652AAEEF528D8F2504A62
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 4%
                    • Antivirus: Virustotal, Detection: 1%, Browse
                    Reputation:unknown
                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...M..e.................b..........P\............@.................................-)...........@...........................@...........A...........Z...;..........................................................O..,............................text...42.......4.................. ..`.itext...-...P.......8.............. ..`.data...$............f..............@....bss....h.... ...........................idata.......@......................@....tls.....................................rdata..............................@..@.reloc.............................@..B.rsrc....A.......B..................@..@.....................R..............@..@................................................................................................

                    C:\Users\user\AppData\Roaming\updateprotect_v3\ectoderm.txt

                    Download File
                    Process:C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):63244
                    Entropy (8bit):4.557473607385051
                    Encrypted:false
                    SSDEEP:
                    MD5:1FCFF1382C4CC575102DC75CC1AD4D20
                    SHA1:570999F79A819EE5B41A7618CF9366C016B4A6C8
                    SHA-256:896D4C2ACC4EF9037521CA10B1B92DB59B804FB3130577C56FDFF68FE4F1C0D4
                    SHA-512:399B640900BE063027597EF809748375120A77CAFD9C2DA4E9BE21023D6AEE04BA3CB91C11447C5D4DE5FF8D56CBBFFEC9896050EC5940B5A33135E6B6A4D484
                    Malicious:false
                    Reputation:unknown
                    Preview:...R.^..o.......LW..U.pt[y.M.v.X.\V...c...wUk.p.XD.D..w.s._.KHprdk..iVlUI.AO.Y.....`..lY..\ID.Bk...\Lb.eS..VP.VgtMli..Mp.p....aWKe.wo.]hp...Z_.....c.F....lXT.c...io]...RU..L.KHvet.D......W..vHsL.gE._...pN.....[..U..o...c..f...\NoN.gA[t...a.Zf.i..._e.....l.[U..H.BxAAeKNqt.]v.G.na.J....Gd....r._.R..N\..eZ.......P..LhyhLN..aVFH...s..o....[.XT...BaV...DMJ....pe..x....w]x..W.\.IB..aK`..w...wQ...\ua..`Y..qhZZN....p.s...o.i_...u\d..tGg.s..QHQt..pd..`.fLddr.D..........c...X.P....K[.bXtws.lw`gywX.V..b...s...M.....b\.b..S..L.[.P.nm...m...Q.`..ttf.Jl_s..q.l.TmIY..K.RqD^T.M...D....A..eK...yY.LJVA.y.rdGy..lVO...P.kR\..]VwZ..qmZsi.W..hD..pFi.Y..H[.b.l._.XP.M\.J....`l..s..E.u..ayx..[..Q.e.R...yYC..Zt..TW.Q.Z`a.n.K.[hWB..x.VG.i...T.^...DS.F..Uce.V.`V....R.q]fYI..Ck.........vaR.i.....F..w.k..h..f...OJL.h.Kkv.Pl..Y.qaJ.o.x.X.J.e...X..JDjS.....].Hi..X..Y..bD.....awiubL.jGN.o....e.E.`.M.aQ..ho.Yi.l...Kk.yU.K_..Ow.g\x..`..o........ynP.V....DOW..x..X.VWI...W.n..V.U[y.X..dQ..cq`n..\h.N.......CB.W...G^.xyb.Z.

                    C:\Users\user\AppData\Roaming\updateprotect_v3\madbasic_.bpl

                    Download File
                    Process:C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe
                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):214016
                    Entropy (8bit):6.88876124830787
                    Encrypted:false
                    SSDEEP:
                    MD5:DC6655A38FFDC3C349F13828FC8EC36E
                    SHA1:95DB71EF7BFF8C16CE955C760292BAD9F09BB06D
                    SHA-256:16126FF5DAA3787A159CF4A39AA040B8050EBB66AB90DBB97C503110EF72824A
                    SHA-512:84B85F2AAAD773CBE039022DB3D0C35263343243F0D021D7AA3086904B80DD309E6D2A93613CC774B5DB27335F4D2850151E2BC8F4648B0065F66BD3722C3D69
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 0%
                    • Antivirus: Virustotal, Detection: 3%, Browse
                    Reputation:unknown
                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...[..V.............................0.......@.....W.................................................................0...d......`(......x................@......................".......................................0............................text...x........................... ..`.itext.......0...................... ..`.data...l&...@...(..................@....bss........p.......@...................idata..`(.......*...@..............@....edata...d...0...f...j..............@..@.rdata.."...........................@..@.reloc..............................@..B.rsrc...x...........................@..@....................................@..@................................................................................................

                    C:\Users\user\AppData\Roaming\updateprotect_v3\maddisAsm_.bpl

                    Download File
                    Process:C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe
                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):62976
                    Entropy (8bit):6.769493849077948
                    Encrypted:false
                    SSDEEP:
                    MD5:84BC072F8EA30746F0982AFBDA3C638F
                    SHA1:F39343933FF3FC7934814D6D3B7B098BC92540A0
                    SHA-256:52019F47F96CA868FA4E747C3B99CBA1B7AA57317BF8EBF9FCBF09AA576FE006
                    SHA-512:6E7648194738E8E49E48C2450EEF1D482473CD4E5C0E83F292AC9174488F3F22A3B6BA96F07E024C2AB96613D9DB1A97084CA0B3973ED5D88502E0D28E120EF5
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 3%
                    • Antivirus: Virustotal, Detection: 1%, Browse
                    Reputation:unknown
                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...[..V.................z...8......4..............W......................... ......~{..................................&.......d........................@......T...............#....................................................................text...4w.......x.................. ..`.itext..<............|.............. ..`.data................~..............@....bss.....................................idata..d...........................@....edata..&...........................@..@.rdata..#...........................@..@.reloc..T...........................@..B.rsrc...............................@..@............. ......................@..@................................................................................................

                    C:\Users\user\AppData\Roaming\updateprotect_v3\madexcept_.bpl

                    Download File
                    Process:C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe
                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):445440
                    Entropy (8bit):6.72896791470054
                    Encrypted:false
                    SSDEEP:
                    MD5:5831D91ADE096B69279910D8C83743DD
                    SHA1:47E5F159E441B08556B5D670CD3489A5AB55B1E5
                    SHA-256:92D057D5E1B1429B790606DDD8C71C60E9481068D90D25160247124181C57F3A
                    SHA-512:EC6621184B760AD90047FAB0EEEC751E1AD2E8BD45AAD6C441EBFF17FD5A4BDEFA10B2984BC325D87553DEDCA9070785D45499749286524A2E95A09B5C32DE49
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 3%
                    • Antivirus: Virustotal, Detection: 4%, Browse
                    Reputation:unknown
                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...f..V.................H...@......<c.......p.....Y.....................................................................O......._......D<...............@...P...@...........@..$...................................l...x............................text....C.......D.................. ..`.itext..D....`.......H.............. ..`.data...t....p.......L..............@....bss....H............Z...................idata..._.......`...Z..............@....edata...O.......P..................@..@.rdata..$....@......................@..@.reloc...A...P...B..................@..B.rsrc...D<.......>...N..............@..@.....................R..............@..@................................................................................................

                    C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bpl

                    Download File
                    Process:C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe
                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):1111552
                    Entropy (8bit):6.828560472335152
                    Encrypted:false
                    SSDEEP:
                    MD5:630991830AFE0B969BD0995E697AB16E
                    SHA1:FEDA243D83FBA15B23D654513DC1F0D70787BA18
                    SHA-256:B1FCB0339B9EF4860BB1ED1E5BA0E148321BE64696AF64F3B1643D1311028CB3
                    SHA-512:2F2BF30BE615F44E56ECCA972A9FCBE27187045E13C468D039645E5CC6D01F990CDE32B322965F245BC8FCCFD0920F09A0AFA1D4DE0748ED01DD9FFC1BD24692
                    Malicious:true
                    Yara Hits:
                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bpl, Author: Joe Security
                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bpl, Author: Joe Security
                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\updateprotect_v3\rtl120.bpl, Author: Joe Security
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 3%
                    • Antivirus: Virustotal, Detection: 1%, Browse
                    Reputation:unknown
                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....g.H...........................................P.........................`..................................................X$...p...................@..............................................................x............................text.............................. ..`.itext........... .................. ..`.data...tw.......x..................@....bss.... T...@.......(...................idata..X$.......&...(..............@....edata...............N..............@..@.rdata...............0..............@..@.reloc...............2..............@..B.rsrc........p......................@..@.............`......................@..@................................................................................................

                    C:\Users\user\AppData\Roaming\updateprotect_v3\undercarriage.zip

                    Download File
                    Process:C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):1261641
                    Entropy (8bit):7.954738722027143
                    Encrypted:false
                    SSDEEP:
                    MD5:38AE10A3CD5066CDDF2F33EE3204485B
                    SHA1:87F3EB2132B1FF27AE89A6B7A42E4329865AB989
                    SHA-256:DBACE4DE7D47262D407D34B73E313BE9A6E642C9364E91C5FB1C3032629D74DE
                    SHA-512:8298F6E76723DD9F98FD4559735612DA2E92F57E880606D373490804A6E51D690670FA44F141F1846AE177D453000ADDC99B5030D84069321823ECCE249E20D5
                    Malicious:false
                    Reputation:unknown
                    Preview:.Xr.`..HFDy....i.Y.D.P.t....SL..j`ml.\...U.LNXNy.P.^A...[pT..Svj`..t.T...euau..Z.._P..In...TU..qp.o.mM.[h...v....clp..v..v...S.A`.lcF...h.P.H..lc.q.F.N.kjqs.A.....Ghr.VeV..M.eL.sKc...TDj...Zj...W...S.i.W..E..J.V].KQ..anMH.s..ka.[K.bNS.j....KH..UkCS[m..PK....P.j..WaXZY...h.m...W..Vd\.Xei.kn..Mw`TE..H....S....F...c.....i..PJd.R..Eh.J...`.f...DdZK..LvF.kt..Z.bO.kmWCk.Z.I...X._.y.oYl....K.Y..]KQ..]..eMp^F...V.wcf..LN..s..[.K\.......I...LpM.X...wZ.......Z.Q....ip.Ay...[..v..l..A.srH.q.CcEiW.V..NcH...st...kQ.._L.l......HV..H....u.ce..D.Q.Zy.._oP..H.vu.....y.DmJ.l......s...V.l.MDy..Cc.`buab.q....Im....WJ.Ws.lV.....^R.nV.x...u.w.......ru\.t.^.yd..Inx..ND.W....rRWoPsyVx.m[d[m....GI[.q.\.t.xu.a..k.yZ....JL..D.].m.aX.]s`q^.R.Yio.H.S.W..QmY.pXe.....l..b.P.u...AmL..d...O.K.AWtg..Uh.k._f...d.Oc..pcrP.....e...QyK.q..Sm...[....R.j..NWM.j..x.scmthE._.n]r.c.YW...JawC..._tey..Hpt]E.`...k.\.k.cc.s.`t.F..s..kb..c.....m[qg.e...[.w.fB.w[..D...j.b.t.yHxm\Ns...Fp...cD....Tm..J....e.viW.F..^X..V..R.D.\....JA..H

                    C:\Users\user\AppData\Roaming\updateprotect_v3\vcl120.bpl

                    Download File
                    Process:C:\Users\user\Desktop\AUpdate.exe (3)\AUpdate.exe\AUpdate.exe
                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):2012160
                    Entropy (8bit):6.677286319553433
                    Encrypted:false
                    SSDEEP:
                    MD5:849070EBD34CBAEDC525599D6C3F8914
                    SHA1:B0543D13F4D0CB787ABDAAF1D3C9A5AF17C87AFA
                    SHA-256:B6F321A48812DC922B26953020C9A60949EC429A921033CFAF1E9F7D088EE628
                    SHA-512:F2CA685B01BE9D1B77D8D924E0097DDACEE7628CC1AAD8A87D8B18A699558D38A7851E6CFF8BB2B8AE1980824588AF5C3AC75B7B4198B620144DFF61611F3AEB
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 3%
                    • Antivirus: Virustotal, Detection: 1%, Browse
                    Reputation:unknown
                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....g.H.....................l............... .....P.................................e...............................P...'...`.......................t...@.......^.............."....................................y...............................text...4........................... ..`.itext.............................. ..`.data...\!... ..."..................@....bss....<....P.......*...................idata.......`.......*..............@....edata...'...P...(..................@..@.rdata.."............8..............@..@.reloc...^.......`...:..............@..B.rsrc...............................@..@.....................t..............@..@................................................................................................

                    Static File Info

                    General

                    File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                    Entropy (8bit):7.991363911773576
                    TrID:
                    • ZIP compressed archive (8000/1) 100.00%
                    File name:AUpdate.exe (3).zip
                    File size:3'208'495 bytes
                    MD5:5a08f70bad9c294ddf25c29e296bf44b
                    SHA1:03b70e93a9bea9cb0fe209f142dc344dd4b94100
                    SHA256:8ac67c9e10ab6d7bddcb64f4d9ac4d7d2b14767c090118c0939cad796c2ab22a
                    SHA512:148a3579ed846ee6996e556f7d882e46a536196ac1777b5315c62f7cca7e1f4d08445902b05e8bdb08ddc17c6c760ebc5bc86281a4eaca6cc5cdaa696b6a1512
                    SSDEEP:49152:rCRhLgnzVs0gRKShUHye4VMfDS4rI1FEjgOiiDLUp4Le34gvrneEj:rCRJgnzy0AKShU1FrI1SM6/+4LO1v7j
                    TLSH:4FE5334858D03CA3F66B6EFA4950DE474A6EB047CEDB01D2DEDE49B3A0CB8C84946717
                    File Content Preview:PK........`jXZ................AUpdate.exe/AUpdate.exe...|....O!.P..#..U..h.R...by-...Yfj.P......*2..nu.F.n......;.........^.u.Je[4])/.....[$B.S.1J..Er....$M.^.......{~}..9.9.9......%........+..U|]|.'I.>......./.M*z}AWW.cS.y..G....a...z.y...V.f.ks......6g.

                    File Icon

                    Icon Hash:1c1c1e4e4ececedc