Edit tour

Windows Analysis Report
wya.exe

Overview

General Information

Sample name:	wya.exe
Analysis ID:	1626875
MD5:	22032821947a09f1b495d76570994e2a
SHA1:	6fb8d6218d00f37f93e0849f35bf45871b23d00e
SHA256:	96ba74cc27b44547d23fe1fa550fc59b4f340dbbca8472d9b4698576751bb189
Infos:

Detection

RedLine, SectopRAT

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected RedLine Stealer

Yara detected SectopRAT

Connects to many ports of the same IP (likely port scanning)

Joe Sandbox ML detected suspicious sample

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Uses known network protocols on non-standard ports

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64native

wya.exe (PID: 5640 cmdline: "C:\Users\user\Desktop\wya.exe" MD5: 22032821947A09F1B495D76570994E2A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

⊘No configs have been found

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
wya.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
wya.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
wya.exe	MALWARE_Win_Arechclient2	Detects Arechclient2 RAT	ditekSHen	0xb50d6:$s14: keybd_event 0xbc02e:$v1_1: grabber@ 0xb5c92:$v1_2: <BrowserProfile>k__ 0xb671f:$v1_3: <SystemHardwares>k__ 0xb67de:$v1_5: <ScannedWallets>k__ 0xb686e:$v1_6: <DicrFiles>k__ 0xb684a:$v1_7: <MessageClientFiles>k__ 0xb6c14:$v1_8: <ScanBrowsers>k__BackingField 0xb6c66:$v1_8: <ScanWallets>k__BackingField 0xb6c83:$v1_8: <ScanScreen>k__BackingField 0xb6cbd:$v1_8: <ScanVPN>k__BackingField 0xa85f6:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost 0xa7f02:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.93328443160.0000000000C72000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.93328443160.0000000000C72000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: wya.exe PID: 5640	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: wya.exe PID: 5640	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: wya.exe PID: 5640	JoeSecurity_SectopRAT	Yara detected SectopRAT	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.wya.exe.c70000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.wya.exe.c70000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.0.wya.exe.c70000.0.unpack	MALWARE_Win_Arechclient2	Detects Arechclient2 RAT	ditekSHen	0xb50d6:$s14: keybd_event 0xbc02e:$v1_1: grabber@ 0xb5c92:$v1_2: <BrowserProfile>k__ 0xb671f:$v1_3: <SystemHardwares>k__ 0xb67de:$v1_5: <ScannedWallets>k__ 0xb686e:$v1_6: <DicrFiles>k__ 0xb684a:$v1_7: <MessageClientFiles>k__ 0xb6c14:$v1_8: <ScanBrowsers>k__BackingField 0xb6c66:$v1_8: <ScanWallets>k__BackingField 0xb6c83:$v1_8: <ScanScreen>k__BackingField 0xb6cbd:$v1_8: <ScanVPN>k__BackingField 0xa85f6:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost 0xa7f02:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-01T00:32:37.464902+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49770	92.255.85.23	9000	TCP
2025-03-01T00:32:38.173742+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49771	92.255.85.23	9000	TCP
2025-03-01T00:32:38.845268+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49772	92.255.85.23	9000	TCP
2025-03-01T00:32:39.519298+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49773	92.255.85.23	9000	TCP
2025-03-01T00:32:40.189418+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49774	92.255.85.23	9000	TCP
2025-03-01T00:32:40.853010+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49775	92.255.85.23	9000	TCP
2025-03-01T00:32:41.519684+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49776	92.255.85.23	9000	TCP
2025-03-01T00:32:42.202141+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49777	92.255.85.23	9000	TCP
2025-03-01T00:32:42.862217+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49778	92.255.85.23	9000	TCP
2025-03-01T00:32:43.546008+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49779	92.255.85.23	9000	TCP
2025-03-01T00:32:44.211444+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49780	92.255.85.23	9000	TCP
2025-03-01T00:32:44.898648+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49781	92.255.85.23	9000	TCP
2025-03-01T00:32:45.598128+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49782	92.255.85.23	9000	TCP
2025-03-01T00:32:46.272477+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49783	92.255.85.23	9000	TCP
2025-03-01T00:32:46.945281+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49784	92.255.85.23	9000	TCP
2025-03-01T00:32:47.624190+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49785	92.255.85.23	9000	TCP
2025-03-01T00:32:48.288902+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49786	92.255.85.23	9000	TCP
2025-03-01T00:32:48.967528+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49787	92.255.85.23	9000	TCP
2025-03-01T00:32:49.647248+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49788	92.255.85.23	9000	TCP
2025-03-01T00:32:50.316488+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49789	92.255.85.23	9000	TCP
2025-03-01T00:32:50.989488+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49790	92.255.85.23	9000	TCP
2025-03-01T00:32:51.701338+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49791	92.255.85.23	9000	TCP
2025-03-01T00:32:52.373230+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49792	92.255.85.23	9000	TCP
2025-03-01T00:32:53.050809+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49793	92.255.85.23	9000	TCP
2025-03-01T00:32:53.725850+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49794	92.255.85.23	9000	TCP
2025-03-01T00:32:54.425040+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49795	92.255.85.23	9000	TCP
2025-03-01T00:32:55.107167+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49796	92.255.85.23	9000	TCP
2025-03-01T00:32:55.769126+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49797	92.255.85.23	9000	TCP
2025-03-01T00:32:56.443061+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49798	92.255.85.23	9000	TCP
2025-03-01T00:32:57.152818+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49799	92.255.85.23	9000	TCP
2025-03-01T00:32:57.816118+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49800	92.255.85.23	9000	TCP
2025-03-01T00:32:58.497271+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49801	92.255.85.23	9000	TCP
2025-03-01T00:32:59.169040+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49802	92.255.85.23	9000	TCP
2025-03-01T00:32:59.829679+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49803	92.255.85.23	9000	TCP
2025-03-01T00:33:00.542977+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49804	92.255.85.23	9000	TCP
2025-03-01T00:33:01.202526+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49805	92.255.85.23	9000	TCP
2025-03-01T00:33:01.887850+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49806	92.255.85.23	9000	TCP
2025-03-01T00:33:02.549470+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49807	92.255.85.23	9000	TCP
2025-03-01T00:33:03.221753+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49808	92.255.85.23	9000	TCP
2025-03-01T00:33:03.923935+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49809	92.255.85.23	9000	TCP
2025-03-01T00:33:04.594930+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49810	92.255.85.23	9000	TCP
2025-03-01T00:33:05.276991+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49811	92.255.85.23	9000	TCP
2025-03-01T00:33:05.937572+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49812	92.255.85.23	9000	TCP
2025-03-01T00:33:06.641567+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49813	92.255.85.23	9000	TCP
2025-03-01T00:33:07.316291+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49814	92.255.85.23	9000	TCP
2025-03-01T00:33:08.024734+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49815	92.255.85.23	9000	TCP
2025-03-01T00:33:08.690388+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49816	92.255.85.23	9000	TCP
2025-03-01T00:33:09.361425+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49817	92.255.85.23	9000	TCP
2025-03-01T00:33:10.040494+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49818	92.255.85.23	9000	TCP
2025-03-01T00:33:10.712841+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49819	92.255.85.23	9000	TCP
2025-03-01T00:33:11.376830+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49820	92.255.85.23	9000	TCP
2025-03-01T00:33:12.048442+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49821	92.255.85.23	9000	TCP
2025-03-01T00:33:12.720756+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49822	92.255.85.23	9000	TCP
2025-03-01T00:33:13.401820+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49823	92.255.85.23	9000	TCP
2025-03-01T00:33:14.072388+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49824	92.255.85.23	9000	TCP
2025-03-01T00:33:14.764205+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49825	92.255.85.23	9000	TCP
2025-03-01T00:33:15.432309+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49826	92.255.85.23	9000	TCP
2025-03-01T00:33:16.089044+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49827	92.255.85.23	9000	TCP
2025-03-01T00:33:16.776756+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49828	92.255.85.23	9000	TCP
2025-03-01T00:33:17.460012+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49829	92.255.85.23	9000	TCP
2025-03-01T00:33:18.133852+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49830	92.255.85.23	9000	TCP
2025-03-01T00:33:18.791390+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49831	92.255.85.23	9000	TCP
2025-03-01T00:33:19.475231+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49832	92.255.85.23	9000	TCP
2025-03-01T00:33:20.146345+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49833	92.255.85.23	9000	TCP
2025-03-01T00:33:20.815720+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49834	92.255.85.23	9000	TCP
2025-03-01T00:33:21.524454+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49835	92.255.85.23	9000	TCP
2025-03-01T00:33:22.194564+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49836	92.255.85.23	9000	TCP
2025-03-01T00:33:22.867076+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49837	92.255.85.23	9000	TCP
2025-03-01T00:33:23.525198+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49838	92.255.85.23	9000	TCP
2025-03-01T00:33:24.196499+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49839	92.255.85.23	9000	TCP
2025-03-01T00:33:24.880890+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49840	92.255.85.23	9000	TCP
2025-03-01T00:33:25.546072+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49841	92.255.85.23	9000	TCP
2025-03-01T00:33:26.224741+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49842	92.255.85.23	9000	TCP
2025-03-01T00:33:26.888983+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49843	92.255.85.23	9000	TCP
2025-03-01T00:33:27.570118+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49844	92.255.85.23	9000	TCP
2025-03-01T00:33:28.239641+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49845	92.255.85.23	9000	TCP
2025-03-01T00:33:28.914580+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49846	92.255.85.23	9000	TCP
2025-03-01T00:33:29.599279+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49847	92.255.85.23	9000	TCP
2025-03-01T00:33:30.271878+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49848	92.255.85.23	9000	TCP
2025-03-01T00:33:30.932369+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49849	92.255.85.23	9000	TCP
2025-03-01T00:33:31.601441+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49850	92.255.85.23	9000	TCP
2025-03-01T00:33:32.286346+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49851	92.255.85.23	9000	TCP
2025-03-01T00:33:32.950142+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49852	92.255.85.23	9000	TCP
2025-03-01T00:33:33.627997+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49853	92.255.85.23	9000	TCP
2025-03-01T00:33:34.288672+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49854	92.255.85.23	9000	TCP
2025-03-01T00:33:35.192984+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49856	92.255.85.23	9000	TCP
2025-03-01T00:33:35.864787+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49857	92.255.85.23	9000	TCP
2025-03-01T00:33:36.527385+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49858	92.255.85.23	9000	TCP
2025-03-01T00:33:37.207278+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49859	92.255.85.23	9000	TCP
2025-03-01T00:33:37.880429+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49860	92.255.85.23	9000	TCP
2025-03-01T00:33:38.543928+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49861	92.255.85.23	9000	TCP
2025-03-01T00:33:39.222407+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49862	92.255.85.23	9000	TCP
2025-03-01T00:33:39.900090+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49863	92.255.85.23	9000	TCP
2025-03-01T00:33:40.602775+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49864	92.255.85.23	9000	TCP
2025-03-01T00:33:41.274807+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49865	92.255.85.23	9000	TCP
2025-03-01T00:33:41.945216+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49867	92.255.85.23	9000	TCP
2025-03-01T00:33:42.628165+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49868	92.255.85.23	9000	TCP
2025-03-01T00:33:43.299230+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49869	92.255.85.23	9000	TCP
2025-03-01T00:33:43.961844+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49870	92.255.85.23	9000	TCP
2025-03-01T00:33:44.642098+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49871	92.255.85.23	9000	TCP
2025-03-01T00:33:45.314160+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49872	92.255.85.23	9000	TCP
2025-03-01T00:33:45.976646+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49873	92.255.85.23	9000	TCP
2025-03-01T00:33:46.658684+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49874	92.255.85.23	9000	TCP
2025-03-01T00:33:47.437063+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49876	92.255.85.23	9000	TCP
2025-03-01T00:33:48.102045+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49877	92.255.85.23	9000	TCP
2025-03-01T00:33:48.772879+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49878	92.255.85.23	9000	TCP
2025-03-01T00:33:49.441531+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49879	92.255.85.23	9000	TCP
2025-03-01T00:33:50.235063+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49881	92.255.85.23	9000	TCP
2025-03-01T00:33:50.907206+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49882	92.255.85.23	9000	TCP
2025-03-01T00:33:51.575624+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49883	92.255.85.23	9000	TCP
2025-03-01T00:33:52.257078+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49884	92.255.85.23	9000	TCP
2025-03-01T00:33:52.926860+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49886	92.255.85.23	9000	TCP
2025-03-01T00:33:53.600000+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49887	92.255.85.23	9000	TCP
2025-03-01T00:33:54.272740+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49888	92.255.85.23	9000	TCP
2025-03-01T00:33:54.950910+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49889	92.255.85.23	9000	TCP
2025-03-01T00:33:55.623630+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49890	92.255.85.23	9000	TCP
2025-03-01T00:33:56.289773+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49892	92.255.85.23	9000	TCP
2025-03-01T00:33:56.972102+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49893	92.255.85.23	9000	TCP
2025-03-01T00:33:57.657714+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49895	92.255.85.23	9000	TCP
2025-03-01T00:33:58.546073+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49897	92.255.85.23	9000	TCP
2025-03-01T00:33:59.225112+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49898	92.255.85.23	9000	TCP
2025-03-01T00:34:00.125697+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49901	92.255.85.23	9000	TCP
2025-03-01T00:34:00.831146+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49903	92.255.85.23	9000	TCP
2025-03-01T00:34:01.836360+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49905	92.255.85.23	9000	TCP
2025-03-01T00:34:03.047703+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49908	92.255.85.23	9000	TCP
2025-03-01T00:34:03.830485+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49910	92.255.85.23	9000	TCP
2025-03-01T00:34:04.505159+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49913	92.255.85.23	9000	TCP
2025-03-01T00:34:05.172916+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49914	92.255.85.23	9000	TCP
2025-03-01T00:34:06.286028+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49918	92.255.85.23	9000	TCP
2025-03-01T00:34:06.966008+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49919	92.255.85.23	9000	TCP
2025-03-01T00:34:07.636838+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49920	92.255.85.23	9000	TCP
2025-03-01T00:34:08.301611+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49921	92.255.85.23	9000	TCP
2025-03-01T00:34:08.981368+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49922	92.255.85.23	9000	TCP
2025-03-01T00:34:09.653794+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49924	92.255.85.23	9000	TCP
2025-03-01T00:34:10.311384+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49925	92.255.85.23	9000	TCP
2025-03-01T00:34:10.984701+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49926	92.255.85.23	9000	TCP
2025-03-01T00:34:11.886123+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49929	92.255.85.23	9000	TCP
2025-03-01T00:34:12.548718+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49930	92.255.85.23	9000	TCP
2025-03-01T00:34:13.361939+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49932	92.255.85.23	9000	TCP
2025-03-01T00:34:14.041349+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49933	92.255.85.23	9000	TCP
2025-03-01T00:34:14.713686+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49935	92.255.85.23	9000	TCP
2025-03-01T00:34:15.919014+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49938	92.255.85.23	9000	TCP
2025-03-01T00:34:17.121806+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49942	92.255.85.23	9000	TCP
2025-03-01T00:34:18.135916+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49944	92.255.85.23	9000	TCP
2025-03-01T00:34:19.134487+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49946	92.255.85.23	9000	TCP
2025-03-01T00:34:19.903176+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49948	92.255.85.23	9000	TCP
2025-03-01T00:34:20.588693+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49950	92.255.85.23	9000	TCP
2025-03-01T00:34:21.290213+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49952	92.255.85.23	9000	TCP
2025-03-01T00:34:21.962557+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49954	92.255.85.23	9000	TCP
2025-03-01T00:34:22.625644+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49955	92.255.85.23	9000	TCP
2025-03-01T00:34:23.320545+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49956	92.255.85.23	9000	TCP
2025-03-01T00:34:23.979751+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49957	92.255.85.23	9000	TCP
2025-03-01T00:34:24.642035+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49958	92.255.85.23	9000	TCP
2025-03-01T00:34:25.318913+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49959	92.255.85.23	9000	TCP
2025-03-01T00:34:25.998814+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49960	92.255.85.23	9000	TCP
2025-03-01T00:34:26.680734+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49961	92.255.85.23	9000	TCP
2025-03-01T00:34:27.757392+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49964	92.255.85.23	9000	TCP
2025-03-01T00:34:28.421104+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49965	92.255.85.23	9000	TCP
2025-03-01T00:34:29.317018+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49968	92.255.85.23	9000	TCP
2025-03-01T00:34:29.977986+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49969	92.255.85.23	9000	TCP
2025-03-01T00:34:30.655940+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49971	92.255.85.23	9000	TCP
2025-03-01T00:34:31.343117+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49973	92.255.85.23	9000	TCP
2025-03-01T00:34:32.021033+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49974	92.255.85.23	9000	TCP
2025-03-01T00:34:32.904780+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49976	92.255.85.23	9000	TCP
2025-03-01T00:34:33.682543+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49978	92.255.85.23	9000	TCP
2025-03-01T00:34:34.481042+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49981	92.255.85.23	9000	TCP
2025-03-01T00:34:35.161398+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49982	92.255.85.23	9000	TCP
2025-03-01T00:34:36.249882+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49985	92.255.85.23	9000	TCP
2025-03-01T00:34:36.928914+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49987	92.255.85.23	9000	TCP
2025-03-01T00:34:37.627592+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49988	92.255.85.23	9000	TCP
2025-03-01T00:34:38.295960+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49990	92.255.85.23	9000	TCP
2025-03-01T00:34:39.005137+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49992	92.255.85.23	9000	TCP
2025-03-01T00:34:39.668509+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49993	92.255.85.23	9000	TCP
2025-03-01T00:34:40.669343+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49995	92.255.85.23	9000	TCP
2025-03-01T00:34:41.456768+0100	2052248	1	A Network Trojan was detected	192.168.11.20	49997	92.255.85.23	9000	TCP
2025-03-01T00:34:42.896406+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50000	92.255.85.23	9000	TCP
2025-03-01T00:34:43.785827+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50003	92.255.85.23	9000	TCP
2025-03-01T00:34:44.466741+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50004	92.255.85.23	9000	TCP
2025-03-01T00:34:45.286141+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50006	92.255.85.23	9000	TCP
2025-03-01T00:34:45.948145+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50007	92.255.85.23	9000	TCP
2025-03-01T00:34:46.628074+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50008	92.255.85.23	9000	TCP
2025-03-01T00:34:47.300169+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50009	92.255.85.23	9000	TCP
2025-03-01T00:34:48.361818+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50011	92.255.85.23	9000	TCP
2025-03-01T00:34:49.134676+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50013	92.255.85.23	9000	TCP
2025-03-01T00:34:49.815797+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50014	92.255.85.23	9000	TCP
2025-03-01T00:34:50.486387+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50016	92.255.85.23	9000	TCP
2025-03-01T00:34:51.156340+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50017	92.255.85.23	9000	TCP
2025-03-01T00:34:51.818377+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50018	92.255.85.23	9000	TCP
2025-03-01T00:34:52.750258+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50021	92.255.85.23	9000	TCP
2025-03-01T00:34:53.423830+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50023	92.255.85.23	9000	TCP
2025-03-01T00:34:54.095064+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50025	92.255.85.23	9000	TCP
2025-03-01T00:34:54.762161+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50026	92.255.85.23	9000	TCP
2025-03-01T00:34:55.437927+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50027	92.255.85.23	9000	TCP
2025-03-01T00:34:56.329287+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50029	92.255.85.23	9000	TCP
2025-03-01T00:34:56.992596+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50031	92.255.85.23	9000	TCP
2025-03-01T00:34:57.992834+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50033	92.255.85.23	9000	TCP
2025-03-01T00:34:59.065641+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50036	92.255.85.23	9000	TCP
2025-03-01T00:34:59.725636+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50038	92.255.85.23	9000	TCP
2025-03-01T00:35:00.435444+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50040	92.255.85.23	9000	TCP
2025-03-01T00:35:01.110380+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50042	92.255.85.23	9000	TCP
2025-03-01T00:35:02.000801+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50045	92.255.85.23	9000	TCP
2025-03-01T00:35:02.998920+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50047	92.255.85.23	9000	TCP
2025-03-01T00:35:03.672315+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50048	92.255.85.23	9000	TCP
2025-03-01T00:35:04.372450+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50050	92.255.85.23	9000	TCP
2025-03-01T00:35:05.034927+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50052	92.255.85.23	9000	TCP
2025-03-01T00:35:05.819442+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50054	92.255.85.23	9000	TCP
2025-03-01T00:35:06.896207+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50056	92.255.85.23	9000	TCP
2025-03-01T00:35:07.576546+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50057	92.255.85.23	9000	TCP
2025-03-01T00:35:08.849617+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50061	92.255.85.23	9000	TCP
2025-03-01T00:35:09.738430+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50064	92.255.85.23	9000	TCP
2025-03-01T00:35:10.418379+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50065	92.255.85.23	9000	TCP
2025-03-01T00:35:12.311569+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50070	92.255.85.23	9000	TCP
2025-03-01T00:35:12.972992+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50072	92.255.85.23	9000	TCP
2025-03-01T00:35:13.644169+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50073	92.255.85.23	9000	TCP
2025-03-01T00:35:14.749898+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50075	92.255.85.23	9000	TCP
2025-03-01T00:35:15.734103+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50077	92.255.85.23	9000	TCP
2025-03-01T00:35:16.895027+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50080	92.255.85.23	9000	TCP
2025-03-01T00:35:17.576889+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50082	92.255.85.23	9000	TCP
2025-03-01T00:35:18.247112+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50084	92.255.85.23	9000	TCP
2025-03-01T00:35:19.781567+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50088	92.255.85.23	9000	TCP
2025-03-01T00:35:20.442017+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50089	92.255.85.23	9000	TCP
2025-03-01T00:35:21.417989+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50092	92.255.85.23	9000	TCP
2025-03-01T00:35:22.077125+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50094	92.255.85.23	9000	TCP
2025-03-01T00:35:23.056922+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50097	92.255.85.23	9000	TCP
2025-03-01T00:35:23.717971+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50099	92.255.85.23	9000	TCP
2025-03-01T00:35:24.386459+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50100	92.255.85.23	9000	TCP
2025-03-01T00:35:25.063138+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50101	92.255.85.23	9000	TCP
2025-03-01T00:35:26.384876+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50105	92.255.85.23	9000	TCP
2025-03-01T00:35:27.055269+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50107	92.255.85.23	9000	TCP
2025-03-01T00:35:27.994909+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50110	92.255.85.23	9000	TCP
2025-03-01T00:35:28.666065+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50111	92.255.85.23	9000	TCP
2025-03-01T00:35:29.338845+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50113	92.255.85.23	9000	TCP
2025-03-01T00:35:29.981647+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50115	92.255.85.23	9000	TCP
2025-03-01T00:35:31.422606+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50119	92.255.85.23	9000	TCP
2025-03-01T00:35:32.108435+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50120	92.255.85.23	9000	TCP
2025-03-01T00:35:32.950032+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50122	92.255.85.23	9000	TCP
2025-03-01T00:35:33.885954+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50125	92.255.85.23	9000	TCP
2025-03-01T00:35:34.532271+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50127	92.255.85.23	9000	TCP
2025-03-01T00:35:35.281703+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50128	92.255.85.23	9000	TCP
2025-03-01T00:35:36.320092+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50130	92.255.85.23	9000	TCP
2025-03-01T00:35:36.967653+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50132	92.255.85.23	9000	TCP
2025-03-01T00:35:37.649201+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50133	92.255.85.23	9000	TCP
2025-03-01T00:35:38.302810+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50135	92.255.85.23	9000	TCP
2025-03-01T00:35:39.131549+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50138	92.255.85.23	9000	TCP
2025-03-01T00:35:39.856120+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50140	92.255.85.23	9000	TCP
2025-03-01T00:35:40.507118+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50141	92.255.85.23	9000	TCP
2025-03-01T00:35:41.164967+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50142	92.255.85.23	9000	TCP
2025-03-01T00:35:41.975947+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50145	92.255.85.23	9000	TCP
2025-03-01T00:35:42.631482+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50146	92.255.85.23	9000	TCP
2025-03-01T00:35:43.912979+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50149	92.255.85.23	9000	TCP
2025-03-01T00:35:44.554896+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50150	92.255.85.23	9000	TCP
2025-03-01T00:35:45.281068+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50151	92.255.85.23	9000	TCP
2025-03-01T00:35:46.279870+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50154	92.255.85.23	9000	TCP
2025-03-01T00:35:47.477646+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50157	92.255.85.23	9000	TCP
2025-03-01T00:35:48.121050+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50159	92.255.85.23	9000	TCP
2025-03-01T00:35:48.761760+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50161	92.255.85.23	9000	TCP
2025-03-01T00:35:49.399700+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50162	92.255.85.23	9000	TCP
2025-03-01T00:35:50.053422+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50164	92.255.85.23	9000	TCP
2025-03-01T00:35:50.692024+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50166	92.255.85.23	9000	TCP
2025-03-01T00:35:51.322429+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50168	92.255.85.23	9000	TCP
2025-03-01T00:35:52.039621+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50171	92.255.85.23	9000	TCP
2025-03-01T00:35:52.759548+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50173	92.255.85.23	9000	TCP
2025-03-01T00:35:53.411693+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50175	92.255.85.23	9000	TCP
2025-03-01T00:35:54.040432+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50177	92.255.85.23	9000	TCP
2025-03-01T00:35:54.693136+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50179	92.255.85.23	9000	TCP
2025-03-01T00:35:55.333060+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50180	92.255.85.23	9000	TCP
2025-03-01T00:35:56.207355+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50183	92.255.85.23	9000	TCP
2025-03-01T00:35:56.844518+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50184	92.255.85.23	9000	TCP
2025-03-01T00:35:57.488149+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50185	92.255.85.23	9000	TCP
2025-03-01T00:35:58.355157+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50187	92.255.85.23	9000	TCP
2025-03-01T00:35:58.990406+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50189	92.255.85.23	9000	TCP
2025-03-01T00:35:59.620589+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50190	92.255.85.23	9000	TCP
2025-03-01T00:36:00.338137+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50191	92.255.85.23	9000	TCP
2025-03-01T00:36:00.957939+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50192	92.255.85.23	9000	TCP
2025-03-01T00:36:01.661588+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50194	92.255.85.23	9000	TCP
2025-03-01T00:36:02.533746+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50196	92.255.85.23	9000	TCP
2025-03-01T00:36:03.865103+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50201	92.255.85.23	9000	TCP
2025-03-01T00:36:04.501564+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50203	92.255.85.23	9000	TCP
2025-03-01T00:36:05.137719+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50204	92.255.85.23	9000	TCP
2025-03-01T00:36:05.782338+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50205	92.255.85.23	9000	TCP
2025-03-01T00:36:06.418188+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50206	92.255.85.23	9000	TCP
2025-03-01T00:36:07.035229+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50208	92.255.85.23	9000	TCP
2025-03-01T00:36:08.242659+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50211	92.255.85.23	9000	TCP
2025-03-01T00:36:08.876610+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50212	92.255.85.23	9000	TCP
2025-03-01T00:36:09.509101+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50214	92.255.85.23	9000	TCP
2025-03-01T00:36:10.323799+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50217	92.255.85.23	9000	TCP
2025-03-01T00:36:11.359537+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50221	92.255.85.23	9000	TCP
2025-03-01T00:36:11.998623+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50222	92.255.85.23	9000	TCP
2025-03-01T00:36:12.620912+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50223	92.255.85.23	9000	TCP
2025-03-01T00:36:13.615845+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50225	92.255.85.23	9000	TCP
2025-03-01T00:36:14.255846+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50226	92.255.85.23	9000	TCP
2025-03-01T00:36:14.893270+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50227	92.255.85.23	9000	TCP
2025-03-01T00:36:15.875728+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50229	92.255.85.23	9000	TCP
2025-03-01T00:36:16.518381+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50231	92.255.85.23	9000	TCP
2025-03-01T00:36:17.157563+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50232	92.255.85.23	9000	TCP
2025-03-01T00:36:17.771862+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50233	92.255.85.23	9000	TCP
2025-03-01T00:36:18.537149+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50235	92.255.85.23	9000	TCP
2025-03-01T00:36:19.421869+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50237	92.255.85.23	9000	TCP
2025-03-01T00:36:20.169991+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50239	92.255.85.23	9000	TCP
2025-03-01T00:36:20.787567+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50240	92.255.85.23	9000	TCP
2025-03-01T00:36:21.421553+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50242	92.255.85.23	9000	TCP
2025-03-01T00:36:22.042389+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50243	92.255.85.23	9000	TCP
2025-03-01T00:36:22.671049+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50244	92.255.85.23	9000	TCP
2025-03-01T00:36:23.637920+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50247	92.255.85.23	9000	TCP
2025-03-01T00:36:24.327208+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50249	92.255.85.23	9000	TCP
2025-03-01T00:36:25.286311+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50252	92.255.85.23	9000	TCP
2025-03-01T00:36:26.113847+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50255	92.255.85.23	9000	TCP
2025-03-01T00:36:27.255210+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50258	92.255.85.23	9000	TCP
2025-03-01T00:36:27.865051+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50260	92.255.85.23	9000	TCP
2025-03-01T00:36:28.497512+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50261	92.255.85.23	9000	TCP
2025-03-01T00:36:29.190552+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50263	92.255.85.23	9000	TCP
2025-03-01T00:36:30.117196+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50266	92.255.85.23	9000	TCP
2025-03-01T00:36:30.743279+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50267	92.255.85.23	9000	TCP
2025-03-01T00:36:31.361606+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50268	92.255.85.23	9000	TCP
2025-03-01T00:36:31.978683+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50269	92.255.85.23	9000	TCP
2025-03-01T00:36:32.597356+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50271	92.255.85.23	9000	TCP
2025-03-01T00:36:33.202319+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50272	92.255.85.23	9000	TCP
2025-03-01T00:36:33.824294+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50274	92.255.85.23	9000	TCP
2025-03-01T00:36:34.448163+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50275	92.255.85.23	9000	TCP
2025-03-01T00:36:35.067362+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50277	92.255.85.23	9000	TCP
2025-03-01T00:36:35.958826+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50280	92.255.85.23	9000	TCP
2025-03-01T00:36:36.938485+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50283	92.255.85.23	9000	TCP
2025-03-01T00:36:37.544242+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50284	92.255.85.23	9000	TCP
2025-03-01T00:36:38.342354+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50286	92.255.85.23	9000	TCP
2025-03-01T00:36:38.957175+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50287	92.255.85.23	9000	TCP
2025-03-01T00:36:39.573287+0100	2052248	1	A Network Trojan was detected	192.168.11.20	50288	92.255.85.23	9000	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-01T00:32:38.845268+0100	2803305	3	Unknown Traffic	192.168.11.20	49772	92.255.85.23	9000	TCP
2025-03-01T00:32:39.519298+0100	2803305	3	Unknown Traffic	192.168.11.20	49773	92.255.85.23	9000	TCP
2025-03-01T00:32:44.898648+0100	2803305	3	Unknown Traffic	192.168.11.20	49781	92.255.85.23	9000	TCP
2025-03-01T00:32:45.598128+0100	2803305	3	Unknown Traffic	192.168.11.20	49782	92.255.85.23	9000	TCP
2025-03-01T00:32:47.624190+0100	2803305	3	Unknown Traffic	192.168.11.20	49785	92.255.85.23	9000	TCP
2025-03-01T00:32:48.288902+0100	2803305	3	Unknown Traffic	192.168.11.20	49786	92.255.85.23	9000	TCP
2025-03-01T00:32:50.316488+0100	2803305	3	Unknown Traffic	192.168.11.20	49789	92.255.85.23	9000	TCP
2025-03-01T00:32:51.701338+0100	2803305	3	Unknown Traffic	192.168.11.20	49791	92.255.85.23	9000	TCP
2025-03-01T00:32:53.725850+0100	2803305	3	Unknown Traffic	192.168.11.20	49794	92.255.85.23	9000	TCP
2025-03-01T00:32:55.107167+0100	2803305	3	Unknown Traffic	192.168.11.20	49796	92.255.85.23	9000	TCP
2025-03-01T00:32:56.443061+0100	2803305	3	Unknown Traffic	192.168.11.20	49798	92.255.85.23	9000	TCP
2025-03-01T00:33:03.221753+0100	2803305	3	Unknown Traffic	192.168.11.20	49808	92.255.85.23	9000	TCP
2025-03-01T00:33:06.641567+0100	2803305	3	Unknown Traffic	192.168.11.20	49813	92.255.85.23	9000	TCP
2025-03-01T00:33:07.316291+0100	2803305	3	Unknown Traffic	192.168.11.20	49814	92.255.85.23	9000	TCP
2025-03-01T00:33:08.024734+0100	2803305	3	Unknown Traffic	192.168.11.20	49815	92.255.85.23	9000	TCP
2025-03-01T00:33:08.690388+0100	2803305	3	Unknown Traffic	192.168.11.20	49816	92.255.85.23	9000	TCP
2025-03-01T00:33:09.361425+0100	2803305	3	Unknown Traffic	192.168.11.20	49817	92.255.85.23	9000	TCP
2025-03-01T00:33:10.040494+0100	2803305	3	Unknown Traffic	192.168.11.20	49818	92.255.85.23	9000	TCP
2025-03-01T00:33:10.712841+0100	2803305	3	Unknown Traffic	192.168.11.20	49819	92.255.85.23	9000	TCP
2025-03-01T00:33:11.376830+0100	2803305	3	Unknown Traffic	192.168.11.20	49820	92.255.85.23	9000	TCP
2025-03-01T00:33:13.401820+0100	2803305	3	Unknown Traffic	192.168.11.20	49823	92.255.85.23	9000	TCP
2025-03-01T00:33:14.764205+0100	2803305	3	Unknown Traffic	192.168.11.20	49825	92.255.85.23	9000	TCP
2025-03-01T00:33:18.133852+0100	2803305	3	Unknown Traffic	192.168.11.20	49830	92.255.85.23	9000	TCP
2025-03-01T00:33:18.791390+0100	2803305	3	Unknown Traffic	192.168.11.20	49831	92.255.85.23	9000	TCP
2025-03-01T00:33:19.475231+0100	2803305	3	Unknown Traffic	192.168.11.20	49832	92.255.85.23	9000	TCP
2025-03-01T00:33:20.146345+0100	2803305	3	Unknown Traffic	192.168.11.20	49833	92.255.85.23	9000	TCP
2025-03-01T00:33:20.815720+0100	2803305	3	Unknown Traffic	192.168.11.20	49834	92.255.85.23	9000	TCP
2025-03-01T00:33:21.524454+0100	2803305	3	Unknown Traffic	192.168.11.20	49835	92.255.85.23	9000	TCP
2025-03-01T00:33:22.194564+0100	2803305	3	Unknown Traffic	192.168.11.20	49836	92.255.85.23	9000	TCP
2025-03-01T00:33:22.867076+0100	2803305	3	Unknown Traffic	192.168.11.20	49837	92.255.85.23	9000	TCP
2025-03-01T00:33:23.525198+0100	2803305	3	Unknown Traffic	192.168.11.20	49838	92.255.85.23	9000	TCP
2025-03-01T00:33:24.196499+0100	2803305	3	Unknown Traffic	192.168.11.20	49839	92.255.85.23	9000	TCP
2025-03-01T00:33:24.880890+0100	2803305	3	Unknown Traffic	192.168.11.20	49840	92.255.85.23	9000	TCP
2025-03-01T00:33:25.546072+0100	2803305	3	Unknown Traffic	192.168.11.20	49841	92.255.85.23	9000	TCP
2025-03-01T00:33:26.888983+0100	2803305	3	Unknown Traffic	192.168.11.20	49843	92.255.85.23	9000	TCP
2025-03-01T00:33:28.239641+0100	2803305	3	Unknown Traffic	192.168.11.20	49845	92.255.85.23	9000	TCP
2025-03-01T00:33:28.914580+0100	2803305	3	Unknown Traffic	192.168.11.20	49846	92.255.85.23	9000	TCP
2025-03-01T00:33:29.599279+0100	2803305	3	Unknown Traffic	192.168.11.20	49847	92.255.85.23	9000	TCP
2025-03-01T00:33:30.271878+0100	2803305	3	Unknown Traffic	192.168.11.20	49848	92.255.85.23	9000	TCP
2025-03-01T00:33:36.527385+0100	2803305	3	Unknown Traffic	192.168.11.20	49858	92.255.85.23	9000	TCP
2025-03-01T00:33:37.207278+0100	2803305	3	Unknown Traffic	192.168.11.20	49859	92.255.85.23	9000	TCP
2025-03-01T00:33:39.222407+0100	2803305	3	Unknown Traffic	192.168.11.20	49862	92.255.85.23	9000	TCP
2025-03-01T00:33:39.900090+0100	2803305	3	Unknown Traffic	192.168.11.20	49863	92.255.85.23	9000	TCP
2025-03-01T00:33:40.602775+0100	2803305	3	Unknown Traffic	192.168.11.20	49864	92.255.85.23	9000	TCP
2025-03-01T00:33:41.274807+0100	2803305	3	Unknown Traffic	192.168.11.20	49865	92.255.85.23	9000	TCP
2025-03-01T00:33:41.945216+0100	2803305	3	Unknown Traffic	192.168.11.20	49867	92.255.85.23	9000	TCP
2025-03-01T00:33:42.628165+0100	2803305	3	Unknown Traffic	192.168.11.20	49868	92.255.85.23	9000	TCP
2025-03-01T00:33:43.299230+0100	2803305	3	Unknown Traffic	192.168.11.20	49869	92.255.85.23	9000	TCP
2025-03-01T00:33:44.642098+0100	2803305	3	Unknown Traffic	192.168.11.20	49871	92.255.85.23	9000	TCP
2025-03-01T00:33:46.658684+0100	2803305	3	Unknown Traffic	192.168.11.20	49874	92.255.85.23	9000	TCP
2025-03-01T00:33:48.102045+0100	2803305	3	Unknown Traffic	192.168.11.20	49877	92.255.85.23	9000	TCP
2025-03-01T00:33:50.235063+0100	2803305	3	Unknown Traffic	192.168.11.20	49881	92.255.85.23	9000	TCP
2025-03-01T00:33:50.907206+0100	2803305	3	Unknown Traffic	192.168.11.20	49882	92.255.85.23	9000	TCP
2025-03-01T00:33:51.575624+0100	2803305	3	Unknown Traffic	192.168.11.20	49883	92.255.85.23	9000	TCP
2025-03-01T00:33:52.257078+0100	2803305	3	Unknown Traffic	192.168.11.20	49884	92.255.85.23	9000	TCP
2025-03-01T00:33:52.926860+0100	2803305	3	Unknown Traffic	192.168.11.20	49886	92.255.85.23	9000	TCP
2025-03-01T00:33:53.600000+0100	2803305	3	Unknown Traffic	192.168.11.20	49887	92.255.85.23	9000	TCP
2025-03-01T00:33:54.272740+0100	2803305	3	Unknown Traffic	192.168.11.20	49888	92.255.85.23	9000	TCP
2025-03-01T00:33:54.950910+0100	2803305	3	Unknown Traffic	192.168.11.20	49889	92.255.85.23	9000	TCP
2025-03-01T00:33:55.623630+0100	2803305	3	Unknown Traffic	192.168.11.20	49890	92.255.85.23	9000	TCP
2025-03-01T00:33:56.289773+0100	2803305	3	Unknown Traffic	192.168.11.20	49892	92.255.85.23	9000	TCP
2025-03-01T00:33:56.972102+0100	2803305	3	Unknown Traffic	192.168.11.20	49893	92.255.85.23	9000	TCP
2025-03-01T00:33:57.657714+0100	2803305	3	Unknown Traffic	192.168.11.20	49895	92.255.85.23	9000	TCP
2025-03-01T00:33:58.546073+0100	2803305	3	Unknown Traffic	192.168.11.20	49897	92.255.85.23	9000	TCP
2025-03-01T00:33:59.225112+0100	2803305	3	Unknown Traffic	192.168.11.20	49898	92.255.85.23	9000	TCP
2025-03-01T00:34:00.125697+0100	2803305	3	Unknown Traffic	192.168.11.20	49901	92.255.85.23	9000	TCP
2025-03-01T00:34:00.831146+0100	2803305	3	Unknown Traffic	192.168.11.20	49903	92.255.85.23	9000	TCP
2025-03-01T00:34:01.836360+0100	2803305	3	Unknown Traffic	192.168.11.20	49905	92.255.85.23	9000	TCP
2025-03-01T00:34:03.047703+0100	2803305	3	Unknown Traffic	192.168.11.20	49908	92.255.85.23	9000	TCP
2025-03-01T00:34:03.830485+0100	2803305	3	Unknown Traffic	192.168.11.20	49910	92.255.85.23	9000	TCP
2025-03-01T00:34:04.505159+0100	2803305	3	Unknown Traffic	192.168.11.20	49913	92.255.85.23	9000	TCP
2025-03-01T00:34:05.172916+0100	2803305	3	Unknown Traffic	192.168.11.20	49914	92.255.85.23	9000	TCP
2025-03-01T00:34:06.286028+0100	2803305	3	Unknown Traffic	192.168.11.20	49918	92.255.85.23	9000	TCP
2025-03-01T00:34:06.966008+0100	2803305	3	Unknown Traffic	192.168.11.20	49919	92.255.85.23	9000	TCP
2025-03-01T00:34:07.636838+0100	2803305	3	Unknown Traffic	192.168.11.20	49920	92.255.85.23	9000	TCP
2025-03-01T00:34:08.301611+0100	2803305	3	Unknown Traffic	192.168.11.20	49921	92.255.85.23	9000	TCP
2025-03-01T00:34:08.981368+0100	2803305	3	Unknown Traffic	192.168.11.20	49922	92.255.85.23	9000	TCP
2025-03-01T00:34:09.653794+0100	2803305	3	Unknown Traffic	192.168.11.20	49924	92.255.85.23	9000	TCP
2025-03-01T00:34:10.311384+0100	2803305	3	Unknown Traffic	192.168.11.20	49925	92.255.85.23	9000	TCP
2025-03-01T00:34:10.984701+0100	2803305	3	Unknown Traffic	192.168.11.20	49926	92.255.85.23	9000	TCP
2025-03-01T00:34:11.886123+0100	2803305	3	Unknown Traffic	192.168.11.20	49929	92.255.85.23	9000	TCP
2025-03-01T00:34:12.548718+0100	2803305	3	Unknown Traffic	192.168.11.20	49930	92.255.85.23	9000	TCP
2025-03-01T00:34:13.361939+0100	2803305	3	Unknown Traffic	192.168.11.20	49932	92.255.85.23	9000	TCP
2025-03-01T00:34:14.041349+0100	2803305	3	Unknown Traffic	192.168.11.20	49933	92.255.85.23	9000	TCP
2025-03-01T00:34:14.713686+0100	2803305	3	Unknown Traffic	192.168.11.20	49935	92.255.85.23	9000	TCP
2025-03-01T00:34:15.919014+0100	2803305	3	Unknown Traffic	192.168.11.20	49938	92.255.85.23	9000	TCP
2025-03-01T00:34:17.121806+0100	2803305	3	Unknown Traffic	192.168.11.20	49942	92.255.85.23	9000	TCP
2025-03-01T00:34:18.135916+0100	2803305	3	Unknown Traffic	192.168.11.20	49944	92.255.85.23	9000	TCP
2025-03-01T00:34:19.134487+0100	2803305	3	Unknown Traffic	192.168.11.20	49946	92.255.85.23	9000	TCP
2025-03-01T00:34:19.903176+0100	2803305	3	Unknown Traffic	192.168.11.20	49948	92.255.85.23	9000	TCP
2025-03-01T00:34:20.588693+0100	2803305	3	Unknown Traffic	192.168.11.20	49950	92.255.85.23	9000	TCP
2025-03-01T00:34:21.290213+0100	2803305	3	Unknown Traffic	192.168.11.20	49952	92.255.85.23	9000	TCP
2025-03-01T00:34:21.962557+0100	2803305	3	Unknown Traffic	192.168.11.20	49954	92.255.85.23	9000	TCP
2025-03-01T00:34:22.625644+0100	2803305	3	Unknown Traffic	192.168.11.20	49955	92.255.85.23	9000	TCP
2025-03-01T00:34:23.320545+0100	2803305	3	Unknown Traffic	192.168.11.20	49956	92.255.85.23	9000	TCP
2025-03-01T00:34:23.979751+0100	2803305	3	Unknown Traffic	192.168.11.20	49957	92.255.85.23	9000	TCP
2025-03-01T00:34:24.642035+0100	2803305	3	Unknown Traffic	192.168.11.20	49958	92.255.85.23	9000	TCP
2025-03-01T00:34:25.318913+0100	2803305	3	Unknown Traffic	192.168.11.20	49959	92.255.85.23	9000	TCP
2025-03-01T00:34:25.998814+0100	2803305	3	Unknown Traffic	192.168.11.20	49960	92.255.85.23	9000	TCP
2025-03-01T00:34:26.680734+0100	2803305	3	Unknown Traffic	192.168.11.20	49961	92.255.85.23	9000	TCP
2025-03-01T00:34:27.757392+0100	2803305	3	Unknown Traffic	192.168.11.20	49964	92.255.85.23	9000	TCP
2025-03-01T00:34:28.421104+0100	2803305	3	Unknown Traffic	192.168.11.20	49965	92.255.85.23	9000	TCP
2025-03-01T00:34:29.317018+0100	2803305	3	Unknown Traffic	192.168.11.20	49968	92.255.85.23	9000	TCP
2025-03-01T00:34:29.977986+0100	2803305	3	Unknown Traffic	192.168.11.20	49969	92.255.85.23	9000	TCP
2025-03-01T00:34:30.655940+0100	2803305	3	Unknown Traffic	192.168.11.20	49971	92.255.85.23	9000	TCP
2025-03-01T00:34:31.343117+0100	2803305	3	Unknown Traffic	192.168.11.20	49973	92.255.85.23	9000	TCP
2025-03-01T00:34:32.021033+0100	2803305	3	Unknown Traffic	192.168.11.20	49974	92.255.85.23	9000	TCP
2025-03-01T00:34:32.904780+0100	2803305	3	Unknown Traffic	192.168.11.20	49976	92.255.85.23	9000	TCP
2025-03-01T00:34:33.682543+0100	2803305	3	Unknown Traffic	192.168.11.20	49978	92.255.85.23	9000	TCP
2025-03-01T00:34:34.481042+0100	2803305	3	Unknown Traffic	192.168.11.20	49981	92.255.85.23	9000	TCP
2025-03-01T00:34:35.161398+0100	2803305	3	Unknown Traffic	192.168.11.20	49982	92.255.85.23	9000	TCP
2025-03-01T00:34:36.249882+0100	2803305	3	Unknown Traffic	192.168.11.20	49985	92.255.85.23	9000	TCP
2025-03-01T00:34:36.928914+0100	2803305	3	Unknown Traffic	192.168.11.20	49987	92.255.85.23	9000	TCP
2025-03-01T00:34:37.627592+0100	2803305	3	Unknown Traffic	192.168.11.20	49988	92.255.85.23	9000	TCP
2025-03-01T00:34:38.295960+0100	2803305	3	Unknown Traffic	192.168.11.20	49990	92.255.85.23	9000	TCP
2025-03-01T00:34:39.005137+0100	2803305	3	Unknown Traffic	192.168.11.20	49992	92.255.85.23	9000	TCP
2025-03-01T00:34:39.668509+0100	2803305	3	Unknown Traffic	192.168.11.20	49993	92.255.85.23	9000	TCP
2025-03-01T00:34:40.669343+0100	2803305	3	Unknown Traffic	192.168.11.20	49995	92.255.85.23	9000	TCP
2025-03-01T00:34:41.456768+0100	2803305	3	Unknown Traffic	192.168.11.20	49997	92.255.85.23	9000	TCP
2025-03-01T00:34:42.896406+0100	2803305	3	Unknown Traffic	192.168.11.20	50000	92.255.85.23	9000	TCP
2025-03-01T00:34:43.785827+0100	2803305	3	Unknown Traffic	192.168.11.20	50003	92.255.85.23	9000	TCP
2025-03-01T00:34:44.466741+0100	2803305	3	Unknown Traffic	192.168.11.20	50004	92.255.85.23	9000	TCP
2025-03-01T00:34:45.286141+0100	2803305	3	Unknown Traffic	192.168.11.20	50006	92.255.85.23	9000	TCP
2025-03-01T00:34:45.948145+0100	2803305	3	Unknown Traffic	192.168.11.20	50007	92.255.85.23	9000	TCP
2025-03-01T00:34:46.628074+0100	2803305	3	Unknown Traffic	192.168.11.20	50008	92.255.85.23	9000	TCP
2025-03-01T00:34:47.300169+0100	2803305	3	Unknown Traffic	192.168.11.20	50009	92.255.85.23	9000	TCP
2025-03-01T00:34:48.361818+0100	2803305	3	Unknown Traffic	192.168.11.20	50011	92.255.85.23	9000	TCP
2025-03-01T00:34:49.134676+0100	2803305	3	Unknown Traffic	192.168.11.20	50013	92.255.85.23	9000	TCP
2025-03-01T00:34:49.815797+0100	2803305	3	Unknown Traffic	192.168.11.20	50014	92.255.85.23	9000	TCP
2025-03-01T00:34:50.486387+0100	2803305	3	Unknown Traffic	192.168.11.20	50016	92.255.85.23	9000	TCP
2025-03-01T00:34:51.156340+0100	2803305	3	Unknown Traffic	192.168.11.20	50017	92.255.85.23	9000	TCP
2025-03-01T00:34:51.818377+0100	2803305	3	Unknown Traffic	192.168.11.20	50018	92.255.85.23	9000	TCP
2025-03-01T00:34:52.750258+0100	2803305	3	Unknown Traffic	192.168.11.20	50021	92.255.85.23	9000	TCP
2025-03-01T00:34:53.423830+0100	2803305	3	Unknown Traffic	192.168.11.20	50023	92.255.85.23	9000	TCP
2025-03-01T00:34:54.095064+0100	2803305	3	Unknown Traffic	192.168.11.20	50025	92.255.85.23	9000	TCP
2025-03-01T00:34:54.762161+0100	2803305	3	Unknown Traffic	192.168.11.20	50026	92.255.85.23	9000	TCP
2025-03-01T00:34:55.437927+0100	2803305	3	Unknown Traffic	192.168.11.20	50027	92.255.85.23	9000	TCP
2025-03-01T00:34:56.329287+0100	2803305	3	Unknown Traffic	192.168.11.20	50029	92.255.85.23	9000	TCP
2025-03-01T00:34:56.992596+0100	2803305	3	Unknown Traffic	192.168.11.20	50031	92.255.85.23	9000	TCP
2025-03-01T00:34:57.992834+0100	2803305	3	Unknown Traffic	192.168.11.20	50033	92.255.85.23	9000	TCP
2025-03-01T00:34:59.065641+0100	2803305	3	Unknown Traffic	192.168.11.20	50036	92.255.85.23	9000	TCP
2025-03-01T00:34:59.725636+0100	2803305	3	Unknown Traffic	192.168.11.20	50038	92.255.85.23	9000	TCP
2025-03-01T00:35:00.435444+0100	2803305	3	Unknown Traffic	192.168.11.20	50040	92.255.85.23	9000	TCP
2025-03-01T00:35:01.110380+0100	2803305	3	Unknown Traffic	192.168.11.20	50042	92.255.85.23	9000	TCP
2025-03-01T00:35:02.000801+0100	2803305	3	Unknown Traffic	192.168.11.20	50045	92.255.85.23	9000	TCP
2025-03-01T00:35:02.998920+0100	2803305	3	Unknown Traffic	192.168.11.20	50047	92.255.85.23	9000	TCP
2025-03-01T00:35:03.672315+0100	2803305	3	Unknown Traffic	192.168.11.20	50048	92.255.85.23	9000	TCP
2025-03-01T00:35:04.372450+0100	2803305	3	Unknown Traffic	192.168.11.20	50050	92.255.85.23	9000	TCP
2025-03-01T00:35:05.034927+0100	2803305	3	Unknown Traffic	192.168.11.20	50052	92.255.85.23	9000	TCP
2025-03-01T00:35:05.819442+0100	2803305	3	Unknown Traffic	192.168.11.20	50054	92.255.85.23	9000	TCP
2025-03-01T00:35:06.896207+0100	2803305	3	Unknown Traffic	192.168.11.20	50056	92.255.85.23	9000	TCP
2025-03-01T00:35:07.576546+0100	2803305	3	Unknown Traffic	192.168.11.20	50057	92.255.85.23	9000	TCP
2025-03-01T00:35:08.849617+0100	2803305	3	Unknown Traffic	192.168.11.20	50061	92.255.85.23	9000	TCP
2025-03-01T00:35:09.738430+0100	2803305	3	Unknown Traffic	192.168.11.20	50064	92.255.85.23	9000	TCP
2025-03-01T00:35:10.418379+0100	2803305	3	Unknown Traffic	192.168.11.20	50065	92.255.85.23	9000	TCP
2025-03-01T00:35:12.972992+0100	2803305	3	Unknown Traffic	192.168.11.20	50072	92.255.85.23	9000	TCP
2025-03-01T00:35:13.644169+0100	2803305	3	Unknown Traffic	192.168.11.20	50073	92.255.85.23	9000	TCP
2025-03-01T00:35:14.749898+0100	2803305	3	Unknown Traffic	192.168.11.20	50075	92.255.85.23	9000	TCP
2025-03-01T00:35:15.734103+0100	2803305	3	Unknown Traffic	192.168.11.20	50077	92.255.85.23	9000	TCP
2025-03-01T00:35:16.895027+0100	2803305	3	Unknown Traffic	192.168.11.20	50080	92.255.85.23	9000	TCP
2025-03-01T00:35:17.576889+0100	2803305	3	Unknown Traffic	192.168.11.20	50082	92.255.85.23	9000	TCP
2025-03-01T00:35:18.247112+0100	2803305	3	Unknown Traffic	192.168.11.20	50084	92.255.85.23	9000	TCP
2025-03-01T00:35:19.781567+0100	2803305	3	Unknown Traffic	192.168.11.20	50088	92.255.85.23	9000	TCP
2025-03-01T00:35:20.442017+0100	2803305	3	Unknown Traffic	192.168.11.20	50089	92.255.85.23	9000	TCP
2025-03-01T00:35:21.417989+0100	2803305	3	Unknown Traffic	192.168.11.20	50092	92.255.85.23	9000	TCP
2025-03-01T00:35:22.077125+0100	2803305	3	Unknown Traffic	192.168.11.20	50094	92.255.85.23	9000	TCP
2025-03-01T00:35:23.056922+0100	2803305	3	Unknown Traffic	192.168.11.20	50097	92.255.85.23	9000	TCP
2025-03-01T00:35:23.717971+0100	2803305	3	Unknown Traffic	192.168.11.20	50099	92.255.85.23	9000	TCP
2025-03-01T00:35:24.386459+0100	2803305	3	Unknown Traffic	192.168.11.20	50100	92.255.85.23	9000	TCP
2025-03-01T00:35:25.063138+0100	2803305	3	Unknown Traffic	192.168.11.20	50101	92.255.85.23	9000	TCP
2025-03-01T00:35:26.384876+0100	2803305	3	Unknown Traffic	192.168.11.20	50105	92.255.85.23	9000	TCP
2025-03-01T00:35:27.055269+0100	2803305	3	Unknown Traffic	192.168.11.20	50107	92.255.85.23	9000	TCP
2025-03-01T00:35:27.994909+0100	2803305	3	Unknown Traffic	192.168.11.20	50110	92.255.85.23	9000	TCP
2025-03-01T00:35:28.666065+0100	2803305	3	Unknown Traffic	192.168.11.20	50111	92.255.85.23	9000	TCP
2025-03-01T00:35:29.338845+0100	2803305	3	Unknown Traffic	192.168.11.20	50113	92.255.85.23	9000	TCP
2025-03-01T00:35:29.981647+0100	2803305	3	Unknown Traffic	192.168.11.20	50115	92.255.85.23	9000	TCP
2025-03-01T00:35:31.422606+0100	2803305	3	Unknown Traffic	192.168.11.20	50119	92.255.85.23	9000	TCP
2025-03-01T00:35:32.108435+0100	2803305	3	Unknown Traffic	192.168.11.20	50120	92.255.85.23	9000	TCP
2025-03-01T00:35:32.950032+0100	2803305	3	Unknown Traffic	192.168.11.20	50122	92.255.85.23	9000	TCP
2025-03-01T00:35:33.885954+0100	2803305	3	Unknown Traffic	192.168.11.20	50125	92.255.85.23	9000	TCP
2025-03-01T00:35:34.532271+0100	2803305	3	Unknown Traffic	192.168.11.20	50127	92.255.85.23	9000	TCP
2025-03-01T00:35:35.281703+0100	2803305	3	Unknown Traffic	192.168.11.20	50128	92.255.85.23	9000	TCP
2025-03-01T00:35:36.320092+0100	2803305	3	Unknown Traffic	192.168.11.20	50130	92.255.85.23	9000	TCP
2025-03-01T00:35:36.967653+0100	2803305	3	Unknown Traffic	192.168.11.20	50132	92.255.85.23	9000	TCP
2025-03-01T00:35:37.649201+0100	2803305	3	Unknown Traffic	192.168.11.20	50133	92.255.85.23	9000	TCP
2025-03-01T00:35:38.302810+0100	2803305	3	Unknown Traffic	192.168.11.20	50135	92.255.85.23	9000	TCP
2025-03-01T00:35:39.131549+0100	2803305	3	Unknown Traffic	192.168.11.20	50138	92.255.85.23	9000	TCP
2025-03-01T00:35:39.856120+0100	2803305	3	Unknown Traffic	192.168.11.20	50140	92.255.85.23	9000	TCP
2025-03-01T00:35:40.507118+0100	2803305	3	Unknown Traffic	192.168.11.20	50141	92.255.85.23	9000	TCP
2025-03-01T00:35:41.164967+0100	2803305	3	Unknown Traffic	192.168.11.20	50142	92.255.85.23	9000	TCP
2025-03-01T00:35:41.975947+0100	2803305	3	Unknown Traffic	192.168.11.20	50145	92.255.85.23	9000	TCP
2025-03-01T00:35:42.631482+0100	2803305	3	Unknown Traffic	192.168.11.20	50146	92.255.85.23	9000	TCP
2025-03-01T00:35:43.912979+0100	2803305	3	Unknown Traffic	192.168.11.20	50149	92.255.85.23	9000	TCP
2025-03-01T00:35:44.554896+0100	2803305	3	Unknown Traffic	192.168.11.20	50150	92.255.85.23	9000	TCP
2025-03-01T00:35:45.281068+0100	2803305	3	Unknown Traffic	192.168.11.20	50151	92.255.85.23	9000	TCP
2025-03-01T00:35:46.279870+0100	2803305	3	Unknown Traffic	192.168.11.20	50154	92.255.85.23	9000	TCP
2025-03-01T00:35:47.477646+0100	2803305	3	Unknown Traffic	192.168.11.20	50157	92.255.85.23	9000	TCP
2025-03-01T00:35:48.121050+0100	2803305	3	Unknown Traffic	192.168.11.20	50159	92.255.85.23	9000	TCP
2025-03-01T00:35:48.761760+0100	2803305	3	Unknown Traffic	192.168.11.20	50161	92.255.85.23	9000	TCP
2025-03-01T00:35:49.399700+0100	2803305	3	Unknown Traffic	192.168.11.20	50162	92.255.85.23	9000	TCP
2025-03-01T00:35:50.053422+0100	2803305	3	Unknown Traffic	192.168.11.20	50164	92.255.85.23	9000	TCP
2025-03-01T00:35:50.692024+0100	2803305	3	Unknown Traffic	192.168.11.20	50166	92.255.85.23	9000	TCP
2025-03-01T00:35:51.322429+0100	2803305	3	Unknown Traffic	192.168.11.20	50168	92.255.85.23	9000	TCP
2025-03-01T00:35:52.039621+0100	2803305	3	Unknown Traffic	192.168.11.20	50171	92.255.85.23	9000	TCP
2025-03-01T00:35:52.759548+0100	2803305	3	Unknown Traffic	192.168.11.20	50173	92.255.85.23	9000	TCP
2025-03-01T00:35:53.411693+0100	2803305	3	Unknown Traffic	192.168.11.20	50175	92.255.85.23	9000	TCP
2025-03-01T00:35:54.040432+0100	2803305	3	Unknown Traffic	192.168.11.20	50177	92.255.85.23	9000	TCP
2025-03-01T00:35:54.693136+0100	2803305	3	Unknown Traffic	192.168.11.20	50179	92.255.85.23	9000	TCP
2025-03-01T00:35:55.333060+0100	2803305	3	Unknown Traffic	192.168.11.20	50180	92.255.85.23	9000	TCP
2025-03-01T00:35:56.207355+0100	2803305	3	Unknown Traffic	192.168.11.20	50183	92.255.85.23	9000	TCP
2025-03-01T00:35:56.844518+0100	2803305	3	Unknown Traffic	192.168.11.20	50184	92.255.85.23	9000	TCP
2025-03-01T00:35:57.488149+0100	2803305	3	Unknown Traffic	192.168.11.20	50185	92.255.85.23	9000	TCP
2025-03-01T00:35:58.355157+0100	2803305	3	Unknown Traffic	192.168.11.20	50187	92.255.85.23	9000	TCP
2025-03-01T00:35:58.990406+0100	2803305	3	Unknown Traffic	192.168.11.20	50189	92.255.85.23	9000	TCP
2025-03-01T00:36:04.501564+0100	2803305	3	Unknown Traffic	192.168.11.20	50203	92.255.85.23	9000	TCP
2025-03-01T00:36:05.137719+0100	2803305	3	Unknown Traffic	192.168.11.20	50204	92.255.85.23	9000	TCP
2025-03-01T00:36:05.782338+0100	2803305	3	Unknown Traffic	192.168.11.20	50205	92.255.85.23	9000	TCP
2025-03-01T00:36:06.418188+0100	2803305	3	Unknown Traffic	192.168.11.20	50206	92.255.85.23	9000	TCP
2025-03-01T00:36:07.035229+0100	2803305	3	Unknown Traffic	192.168.11.20	50208	92.255.85.23	9000	TCP
2025-03-01T00:36:08.242659+0100	2803305	3	Unknown Traffic	192.168.11.20	50211	92.255.85.23	9000	TCP
2025-03-01T00:36:08.876610+0100	2803305	3	Unknown Traffic	192.168.11.20	50212	92.255.85.23	9000	TCP
2025-03-01T00:36:09.509101+0100	2803305	3	Unknown Traffic	192.168.11.20	50214	92.255.85.23	9000	TCP
2025-03-01T00:36:10.323799+0100	2803305	3	Unknown Traffic	192.168.11.20	50217	92.255.85.23	9000	TCP
2025-03-01T00:36:11.359537+0100	2803305	3	Unknown Traffic	192.168.11.20	50221	92.255.85.23	9000	TCP
2025-03-01T00:36:11.998623+0100	2803305	3	Unknown Traffic	192.168.11.20	50222	92.255.85.23	9000	TCP
2025-03-01T00:36:12.620912+0100	2803305	3	Unknown Traffic	192.168.11.20	50223	92.255.85.23	9000	TCP
2025-03-01T00:36:15.875728+0100	2803305	3	Unknown Traffic	192.168.11.20	50229	92.255.85.23	9000	TCP
2025-03-01T00:36:16.518381+0100	2803305	3	Unknown Traffic	192.168.11.20	50231	92.255.85.23	9000	TCP
2025-03-01T00:36:17.157563+0100	2803305	3	Unknown Traffic	192.168.11.20	50232	92.255.85.23	9000	TCP
2025-03-01T00:36:17.771862+0100	2803305	3	Unknown Traffic	192.168.11.20	50233	92.255.85.23	9000	TCP
2025-03-01T00:36:18.537149+0100	2803305	3	Unknown Traffic	192.168.11.20	50235	92.255.85.23	9000	TCP
2025-03-01T00:36:19.421869+0100	2803305	3	Unknown Traffic	192.168.11.20	50237	92.255.85.23	9000	TCP
2025-03-01T00:36:20.169991+0100	2803305	3	Unknown Traffic	192.168.11.20	50239	92.255.85.23	9000	TCP
2025-03-01T00:36:20.787567+0100	2803305	3	Unknown Traffic	192.168.11.20	50240	92.255.85.23	9000	TCP
2025-03-01T00:36:21.421553+0100	2803305	3	Unknown Traffic	192.168.11.20	50242	92.255.85.23	9000	TCP
2025-03-01T00:36:22.042389+0100	2803305	3	Unknown Traffic	192.168.11.20	50243	92.255.85.23	9000	TCP
2025-03-01T00:36:22.671049+0100	2803305	3	Unknown Traffic	192.168.11.20	50244	92.255.85.23	9000	TCP
2025-03-01T00:36:23.637920+0100	2803305	3	Unknown Traffic	192.168.11.20	50247	92.255.85.23	9000	TCP
2025-03-01T00:36:24.327208+0100	2803305	3	Unknown Traffic	192.168.11.20	50249	92.255.85.23	9000	TCP
2025-03-01T00:36:27.865051+0100	2803305	3	Unknown Traffic	192.168.11.20	50260	92.255.85.23	9000	TCP
2025-03-01T00:36:30.117196+0100	2803305	3	Unknown Traffic	192.168.11.20	50266	92.255.85.23	9000	TCP
2025-03-01T00:36:30.743279+0100	2803305	3	Unknown Traffic	192.168.11.20	50267	92.255.85.23	9000	TCP
2025-03-01T00:36:31.361606+0100	2803305	3	Unknown Traffic	192.168.11.20	50268	92.255.85.23	9000	TCP
2025-03-01T00:36:31.978683+0100	2803305	3	Unknown Traffic	192.168.11.20	50269	92.255.85.23	9000	TCP
2025-03-01T00:36:32.597356+0100	2803305	3	Unknown Traffic	192.168.11.20	50271	92.255.85.23	9000	TCP
2025-03-01T00:36:33.202319+0100	2803305	3	Unknown Traffic	192.168.11.20	50272	92.255.85.23	9000	TCP
2025-03-01T00:36:33.824294+0100	2803305	3	Unknown Traffic	192.168.11.20	50274	92.255.85.23	9000	TCP
2025-03-01T00:36:34.448163+0100	2803305	3	Unknown Traffic	192.168.11.20	50275	92.255.85.23	9000	TCP
2025-03-01T00:36:35.067362+0100	2803305	3	Unknown Traffic	192.168.11.20	50277	92.255.85.23	9000	TCP
2025-03-01T00:36:36.938485+0100	2803305	3	Unknown Traffic	192.168.11.20	50283	92.255.85.23	9000	TCP
2025-03-01T00:36:37.544242+0100	2803305	3	Unknown Traffic	192.168.11.20	50284	92.255.85.23	9000	TCP
2025-03-01T00:36:38.342354+0100	2803305	3	Unknown Traffic	192.168.11.20	50286	92.255.85.23	9000	TCP
2025-03-01T00:36:38.957175+0100	2803305	3	Unknown Traffic	192.168.11.20	50287	92.255.85.23	9000	TCP
2025-03-01T00:36:39.573287+0100	2803305	3	Unknown Traffic	192.168.11.20	50288	92.255.85.23	9000	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: wya.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: wya.exe	ReversingLabs: Detection: 76%
Source: wya.exe	Virustotal: Detection: 79%			Perma Link

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADF800 CryptUnprotectData,		0_2_06ADF800
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADFEE8 CryptUnprotectData,		0_2_06ADFEE8

Source: wya.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\wya.exe

Code function: 4x nop then jmp 076876ECh

0_2_076870DD

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49795 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49771 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49782 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49772 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49773 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49778 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49789 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49776 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49774 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49808 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49770 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49797 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49790 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49779 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49784 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49780 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49775 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49777 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49837 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49822 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49801 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49814 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49802 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49791 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49785 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49806 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49793 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49825 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49800 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49809 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49812 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49803 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49821 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49798 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49807 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49783 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49781 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49843 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49787 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49829 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49788 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49823 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49813 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49820 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49860 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49804 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49848 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49824 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49833 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49792 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49839 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49799 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49830 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49794 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49850 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49828 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49818 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49815 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49826 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49836 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49819 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49827 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49838 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49810 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49831 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49869 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49832 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49834 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49841 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49876 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49840 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49842 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49863 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49879 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49845 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49849 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49835 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49811 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49873 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49883 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49857 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49844 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49846 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49865 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49861 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49847 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49852 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49816 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49882 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49872 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49858 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49868 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49853 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49854 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49886 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49856 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49884 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49881 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49878 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49862 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49786 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49859 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49887 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49864 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49867 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49871 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49889 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49874 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49796 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49877 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49805 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49817 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49870 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49888 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49893 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49895 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49851 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49898 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49901 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49903 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49905 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49908 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49910 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49890 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49892 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49913 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49914 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49918 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49919 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49920 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49924 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49897 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49922 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49925 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49926 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49930 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49932 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49933 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49935 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49942 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49944 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49946 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49948 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49950 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49952 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49956 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49957 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49958 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49959 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49960 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49961 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49964 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49938 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49954 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49965 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49968 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49969 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49971 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49973 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49976 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49978 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49981 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49985 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49987 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49988 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49921 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49990 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49993 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49995 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50000 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50004 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50006 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50008 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50009 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50011 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50014 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50021 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50018 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50013 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50017 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50027 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50038 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50023 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50040 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50042 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50048 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50050 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50056 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50026 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50047 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50064 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50054 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50072 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50084 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50057 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50082 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50094 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50052 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50099 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50101 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50089 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50088 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50073 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50115 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50125 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50127 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50110 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50065 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50080 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50107 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50145 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50132 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50119 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50070 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50141 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50150 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50151 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50092 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50149 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50142 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50164 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50157 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50105 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50128 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49982 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50154 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50097 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50184 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50180 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50003 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50135 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50189 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50146 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50007 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50175 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50111 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50162 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50196 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50201 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50166 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50033 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50159 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50192 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50016 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50133 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50203 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50177 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50194 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50171 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50204 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50208 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50206 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50025 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50045 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50217 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50138 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50214 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50227 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50221 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50222 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50061 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50225 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50173 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50075 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50191 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50237 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50239 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50120 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50240 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50223 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50100 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50243 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50122 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50244 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50226 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50252 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50258 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50247 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50229 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50249 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50261 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50263 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50267 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50269 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50161 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50242 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50268 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50271 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50185 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50187 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50212 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50272 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49929 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50274 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50233 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50275 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50280 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50283 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49955 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49997 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50029 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50113 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50284 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50286 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50287 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49974 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:49992 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50288 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50036 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50031 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50077 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50140 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50130 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50168 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50211 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50179 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50231 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50183 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50232 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50190 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50205 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50235 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50255 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50260 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50266 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.11.20:50277 -> 92.255.85.23:9000

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 92.255.85.23 ports 9000,1,4,5,7,8,15847

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50149

Source: global traffic

TCP traffic: 192.168.11.20:49769 -> 92.255.85.23:15847

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000

Source: Joe Sandbox View

ASN Name: SOVTEL-ASRU SOVTEL-ASRU

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49808 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49782 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49772 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49773 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49789 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49814 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49837 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49781 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49791 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49785 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49825 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49798 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49843 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49823 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49813 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49820 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49848 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49833 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49839 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49830 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49794 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49818 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49815 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49836 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49819 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49838 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49831 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49869 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49841 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49832 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49834 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49840 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49863 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49845 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49835 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49883 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49846 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49865 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49847 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49816 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49882 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49858 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49868 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49886 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49884 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49881 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49862 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49786 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49859 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49887 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49864 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49867 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49871 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49889 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49874 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49796 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49877 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49817 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49888 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49893 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49895 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49898 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49901 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49903 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49905 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49908 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49910 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49890 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49892 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49913 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49914 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49918 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49919 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49920 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49924 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49897 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49922 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49925 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49926 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49930 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49932 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49933 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49935 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49942 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49944 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49946 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49948 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49950 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49952 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49956 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49957 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49958 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49959 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49960 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49961 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49964 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49938 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49954 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49965 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49968 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49969 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49971 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49973 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49976 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49978 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49981 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49985 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49987 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49988 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49921 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49990 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49993 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49995 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50000 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50004 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50006 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50008 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50009 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50011 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50014 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50021 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50018 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50013 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50017 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50027 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50038 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50023 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50040 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50042 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50048 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50050 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50056 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50026 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50047 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50064 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50054 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50072 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50084 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50057 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50082 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50094 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50052 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50099 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50101 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50089 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50088 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50073 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50115 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50125 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50110 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50127 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50065 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50080 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50107 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50145 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50132 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50119 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50141 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50150 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50151 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50092 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50149 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50142 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50164 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50157 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50105 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50128 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49982 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50154 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50097 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50184 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50180 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50003 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50135 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50189 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50146 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50007 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50175 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50111 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50162 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50166 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50033 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50159 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50016 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50133 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50203 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50177 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50171 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50204 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50045 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50208 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50206 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50025 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50217 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50138 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50214 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50221 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50222 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50061 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50173 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50075 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50237 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50239 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50120 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50240 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50223 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50100 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50243 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50122 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50244 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50247 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50249 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50229 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50267 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50269 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50161 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50242 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50268 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50271 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50185 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50187 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50212 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50272 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49929 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50274 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50233 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50275 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50283 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49955 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49997 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50029 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50113 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50284 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50286 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50287 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49974 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49992 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50288 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50036 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50031 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50077 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50140 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50130 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50168 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50211 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50179 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50231 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50183 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50232 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50205 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50235 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50260 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50266 -> 92.255.85.23:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:50277 -> 92.255.85.23:9000

Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.85.23

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC HTTP/1.1Host: 92.255.85.23:9000

Source: wya.exe, 00000000.00000002.95784800098.0000000003407000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ","type":"MediaFoundationOptIn"},{"name":"OptOut","type":"MediaFoundationOptOut"}],"version":1},"web_notification_override":{"applications":[{"applied_policy":"prompt","domain":"www.reddit.com"},{"applied_policy":"prompt","domain":"www.telegraphindia.com"},{"applied_policy":"prompt","domain":"timesofindia.indiatimes.com"},{"applied_policy":"prompt","domain":"pushengage.com"},{"applied_policy":"prompt","domain":"www.timesnownews.com"},{"applied_policy":"prompt","domain":"www.couponrani.com"},{"applied_policy":"prompt","domain":"www.wholesomeyum.com"},{"applied_policy":"prompt","domain":"www.asklaila.com"},{"applied_policy":"prompt","domain":"www.sammobile.com"},{"applied_policy":"prompt","domain":"www.ecuavisa.com"},{"applied_policy":"prompt","domain":"uz.sputniknews.ru"},{"applied_policy":"prompt","domain":"www.ndtv.com"},{"applied_policy":"prompt","domain":"www.elimparcial.com"},{"applied_policy":"prompt","domain":"www.povarenok.ru"},{"applied_policy":"prompt","domain":"www.estadao.com.br"},{"applied_policy":"prompt","domain":"olxpakistan.os.tc"},{"applied_policy":"prompt","domain":"televisa.com"},{"applied_policy":"prompt","domain":"uol.com.br"},{"applied_policy":"prompt","domain":"www.axisbank.com"},{"applied_policy":"prompt","domain":"mutualfund.adityabirlacapital.com"},{"applied_policy":"prompt","domain":"www.facebook.com"},{"applied_policy":"prompt","domain":"www.instagram.com"},{"applied_policy":"prompt","domain":"www.messenger.com"}],"policies":[{"name":"prompt","reason":"","type":"","value":""}],"version":1}},"fre":{"autoimport_spartan_visible_item_completed":true,"oem_bookmarks_set":true,"should_user_see_fre_banner":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default"},"hardware_acceleration_mode_previous":true,"is_dsp_recommended":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"Default":{"migration_attempt":0,"migration_version":4},"last_edgeuwp_pin_migration_on_edge_version":"94.0.992.31","last_edgeuwp_pin_migration_on_os_version":"10 Version 20H2 (Build 19042.1165)","last_edgeuwp_pin_migration_success":false},"network_primary_browser":{"browser_name_enum":1,"last_computed_time":"13276780388565220","network_usage":{"browser_with_highest_network_usage":1,"browsers_usage":{"1":100.0},"ie":0}},"network_time":{"network_time_mapping":{"local":1.691263997088662e+12,"network":1.691260396e+12,"ticks":126914944.0,"uncertainty":1220870.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAb7qWBj3YRSZSg2yN3JOzDEAAAAAoAAABFAGQAZwBlAAAAEGYAAAABAAAgAAAAcjDYF/dB+Ehkggnbhv5UEmuk4qMrV300v/DxeYPr2kcAAAAADoAAAAACAAAgAAAA4Fc7bPPxg5D3HUrv9FeO3M8NoHE1hRCd1+t1vMyMeGIwAAAA60sl/pIpVYUn/pFhWuHqOweLytcqg8K9+apLINEdcjv+lt8eT+qH7hjP4LZPc65wQAAAABgU4kp6fr9r5p49VZoKZkZbDP1PXsAR/6XYDO+DikEUGEeRYwj0k5LNwmmr0tZ5hKexU3XBg6oVvPcKgnBt6go="},"policy":{"last_statistics_update":"13335737596278882"},"profile":{"info_cache":{"Default":{"active_time":1691263997.009407,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_20",
Source: wya.exe, 00000000.00000002.95784800098.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003639000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003833000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ","type":"MediaFoundationOptIn"},{"name":"OptOut","type":"MediaFoundationOptOut"}],"version":1},"web_notification_override":{"applications":[{"applied_policy":"prompt","domain":"www.reddit.com"},{"applied_policy":"prompt","domain":"www.telegraphindia.com"},{"applied_policy":"prompt","domain":"timesofindia.indiatimes.com"},{"applied_policy":"prompt","domain":"pushengage.com"},{"applied_policy":"prompt","domain":"www.timesnownews.com"},{"applied_policy":"prompt","domain":"www.couponrani.com"},{"applied_policy":"prompt","domain":"www.wholesomeyum.com"},{"applied_policy":"prompt","domain":"www.asklaila.com"},{"applied_policy":"prompt","domain":"www.sammobile.com"},{"applied_policy":"prompt","domain":"www.ecuavisa.com"},{"applied_policy":"prompt","domain":"uz.sputniknews.ru"},{"applied_policy":"prompt","domain":"www.ndtv.com"},{"applied_policy":"prompt","domain":"www.elimparcial.com"},{"applied_policy":"prompt","domain":"www.povarenok.ru"},{"applied_policy":"prompt","domain":"www.estadao.com.br"},{"applied_policy":"prompt","domain":"olxpakistan.os.tc"},{"applied_policy":"prompt","domain":"televisa.com"},{"applied_policy":"prompt","domain":"uol.com.br"},{"applied_policy":"prompt","domain":"www.axisbank.com"},{"applied_policy":"prompt","domain":"mutualfund.adityabirlacapital.com"},{"applied_policy":"prompt","domain":"www.facebook.com"},{"applied_policy":"prompt","domain":"www.instagram.com"},{"applied_policy":"prompt","domain":"www.messenger.com"}],"policies":[{"name":"prompt","reason":"","type":"","value":""}],"version":1}},"fre":{"autoimport_spartan_visible_item_completed":true,"oem_bookmarks_set":true,"should_user_see_fre_banner":"C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default"},"hardware_acceleration_mode_previous":true,"is_dsp_recommended":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"Default":{"migration_attempt":0,"migration_version":4},"last_edgeuwp_pin_migration_on_edge_version":"94.0.992.31","last_edgeuwp_pin_migration_on_os_version":"10 Version 20H2 (Build 19042.1165)","last_edgeuwp_pin_migration_success":false},"network_primary_browser":{"browser_name_enum":1,"last_computed_time":"13276780388565220","network_usage":{"browser_with_highest_network_usage":1,"browsers_usage":{"1":100.0},"ie":0}},"network_time":{"network_time_mapping":{"local":1.691263997088662e+12,"network":1.691260396e+12,"ticks":126914944.0,"uncertainty":1220870.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAb7qWBj3YRSZSg2yN3JOzDEAAAAAoAAABFAGQAZwBlAAAAEGYAAAABAAAgAAAAcjDYF/dB+Ehkggnbhv5UEmuk4qMrV300v/DxeYPr2kcAAAAADoAAAAACAAAgAAAA4Fc7bPPxg5D3HUrv9FeO3M8NoHE1hRCd1+t1vMyMeGIwAAAA60sl/pIpVYUn/pFhWuHqOweLytcqg8K9+apLINEdcjv+lt8eT+qH7hjP4LZPc65wQAAAABgU4kp6fr9r5p49VZoKZkZbDP1PXsAR/6XYDO+DikEUGEeRYwj0k5LNwmmr0tZ5hKexU3XBg6oVvPcKgnBt6go="},"policy":{"last_statistics_update":"13335737596278882"},"profile":{"info_cache":{"Default":{"active_time":1691263997.009407,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_20",
Source: wya.exe, 00000000.00000002.95784800098.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003639000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003833000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)

Source: wya.exe, 00000000.00000002.95784800098.0000000003221000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.00000000032F9000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.00000000032F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://92.255.85.23:9000
Source: wya.exe, 00000000.00000002.95784800098.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003221000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.00000000032F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://92.255.85.23:9000/wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479AC
Source: wya.exe, 00000000.00000002.95784800098.00000000032ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://92.255.85.23:9000/wbinjget?q=DCD19E1DA2479B3D22ABB9ECA2F479ACP
Source: wya.exe, 00000000.00000002.95784800098.0000000003221000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: wya.exe, 00000000.00000002.95802054386.000000000D234000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D207000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: wya.exe, 00000000.00000002.95802054386.000000000D234000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D207000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: wya.exe, 00000000.00000002.95796982356.000000000B0E6000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D207000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: wya.exe, 00000000.00000002.95802054386.000000000C892000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009992000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B292000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95800673725.000000000BEEB000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003639000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A783000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000A244000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003381000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7C2000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000991A000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7B0000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B140000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C656000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C664000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C8BD000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003748000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B08C000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D234000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.00000000035F2000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B0E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: wya.exe, 00000000.00000002.95796982356.000000000B2CD000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D3F6000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B273000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95788549805.0000000004C5B000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003634000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009937000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.000000000337C000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003743000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B120000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009973000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.00000000037CC000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.00000000036BB000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B0C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab0
Source: wya.exe, 00000000.00000002.95796982356.000000000B0E6000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D207000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: wya.exe, 00000000.00000002.95802054386.000000000D234000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D207000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: wya.exe, 00000000.00000002.95784800098.0000000003221000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/UPxYyFp8
Source: wya.exe, 00000000.00000002.95784800098.0000000003221000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: wya.exe, 00000000.00000002.95802054386.000000000C892000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009992000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B292000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B2CD000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95800673725.000000000BEEB000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D3F6000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B273000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95788549805.0000000004C5B000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003634000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A783000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000A244000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7C2000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009937000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000991A000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7B0000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.000000000337C000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003743000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B140000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B120000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009973000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C656000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: wya.exe, 00000000.00000002.95802054386.000000000C892000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009992000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B292000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B2CD000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95800673725.000000000BEEB000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D3F6000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B273000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95788549805.0000000004C5B000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003634000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A783000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000A244000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7C2000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009937000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000991A000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7B0000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.000000000337C000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003743000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B140000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B120000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009973000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C656000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: wya.exe, 00000000.00000002.95802054386.000000000C892000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A783000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000A244000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7B0000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C664000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C8BD000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D234000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D207000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: wya.exe, 00000000.00000002.95802054386.000000000C892000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A783000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000A244000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7B0000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C664000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C8BD000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D234000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D207000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: wya.exe, 00000000.00000002.95795185557.0000000009992000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B292000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B2CD000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95800673725.000000000BEEB000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D3F6000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B273000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95788549805.0000000004C5B000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003634000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003639000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003381000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7C2000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009937000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000991A000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.000000000337C000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003743000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B140000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B120000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009973000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C656000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003748000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

System Summary

Malicious sample detected (through community Yara rule)

Source: wya.exe, type: SAMPLE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.0.wya.exe.c70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen

Source: C:\Users\user\Desktop\wya.exe

Process Stats: CPU usage > 6%

Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031EB7C8	0_2_031EB7C8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031E54B8	0_2_031E54B8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031E188E	0_2_031E188E
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031E9E78	0_2_031E9E78
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031ED738	0_2_031ED738
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031E7750	0_2_031E7750
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031E7740	0_2_031E7740
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031EB7BB	0_2_031EB7BB
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031ED6EB	0_2_031ED6EB
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031E5488	0_2_031E5488
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031E4B34	0_2_031E4B34
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_031E9E73	0_2_031E9E73
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_05E3E728	0_2_05E3E728
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_05E34F00	0_2_05E34F00
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADDF98	0_2_06ADDF98
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD56E0	0_2_06AD56E0
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD56F0	0_2_06AD56F0
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADA63F	0_2_06ADA63F
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADA650	0_2_06ADA650
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD2770	0_2_06AD2770
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD6CB8	0_2_06AD6CB8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADCC87	0_2_06ADCC87
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADCC98	0_2_06ADCC98
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD6CC8	0_2_06AD6CC8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADB43B	0_2_06ADB43B
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD1461	0_2_06AD1461
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD1470	0_2_06AD1470
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADB458	0_2_06ADB458
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD7A30	0_2_06AD7A30
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD1B80	0_2_06AD1B80
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADE380	0_2_06ADE380
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADE36F	0_2_06ADE36F
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD1B70	0_2_06AD1B70
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD6089	0_2_06AD6089
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD0040	0_2_06AD0040
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD0910	0_2_06AD0910
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADA167	0_2_06ADA167
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADA178	0_2_06ADA178
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BF740	0_2_073BF740
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B5BB8	0_2_073B5BB8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BDA38	0_2_073BDA38
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BB6B8	0_2_073BB6B8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B0AB0	0_2_073B0AB0
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B8EC8	0_2_073B8EC8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B9988	0_2_073B9988
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BC9D8	0_2_073BC9D8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BE408	0_2_073BE408
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B3078	0_2_073B3078
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BF730	0_2_073BF730
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B1F20	0_2_073B1F20
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B1F12	0_2_073B1F12
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BAF00	0_2_073BAF00
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B5BA9	0_2_073B5BA9
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B87A0	0_2_073B87A0
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B8790	0_2_073B8790
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BE3F8	0_2_073BE3F8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B7678	0_2_073B7678
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B7667	0_2_073B7667
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B8EB8	0_2_073B8EB8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B028A	0_2_073B028A
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BAEF0	0_2_073BAEF0
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073BB1B0	0_2_073BB1B0
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B9982	0_2_073B9982
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B3069	0_2_073B3069
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073B54B0	0_2_073B54B0
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073CCB63	0_2_073CCB63
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C7B48	0_2_073C7B48
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C4BA8	0_2_073C4BA8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C2520	0_2_073C2520
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C6D67	0_2_073C6D67
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C6030	0_2_073C6030
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C9CAD	0_2_073C9CAD
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C50C6	0_2_073C50C6
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C5770	0_2_073C5770
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C8390	0_2_073C8390
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C251A	0_2_073C251A
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C0030	0_2_073C0030
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C0006	0_2_073C0006
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_076815C8	0_2_076815C8
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_07682170	0_2_07682170
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_07680040	0_2_07680040
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_07687B80	0_2_07687B80
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_07680918	0_2_07680918
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_076815AA	0_2_076815AA
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_07682161	0_2_07682161
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_07680006	0_2_07680006
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_07680909	0_2_07680909
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_08121218	0_2_08121218
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_08120448	0_2_08120448
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_08127678	0_2_08127678
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073C0040	0_2_073C0040

Source: wya.exe, 00000000.00000000.93328659005.0000000000D30000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenametttrgggrrrt.exe" vs wya.exe
Source: wya.exe, 00000000.00000002.95784800098.0000000003221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs wya.exe
Source: wya.exe, 00000000.00000002.95782968330.000000000114E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs wya.exe
Source: wya.exe, 00000000.00000002.95793538465.00000000077F9000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs wya.exe
Source: wya.exe	Binary or memory string: OriginalFilenametttrgggrrrt.exe" vs wya.exe

Source: wya.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: wya.exe, type: SAMPLE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.0.wya.exe.c70000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/80@0/1

Source: C:\Users\user\Desktop\wya.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: C:\Users\user\Desktop\wya.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\wya.exe	Mutant created: \Sessions\1\BaseNamedObjects\7f66e01a92e141d4a55aa3c62fd91510

Source: C:\Users\user\Desktop\wya.exe

File created: C:\Users\user\AppData\Local\Temp\tmp88A4.tmp

Jump to behavior

Source: wya.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: wya.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\wya.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: wya.exe, 00000000.00000002.95802054386.000000000C89D000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C66F000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000C8C4000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D239000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D212000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.000000000A249000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A78E000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
Source: wya.exe, 00000000.00000002.95800673725.000000000BEE8000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009990000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.000000000373D000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95802054386.000000000D3F0000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B26D000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95795185557.0000000009918000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95784800098.0000000003377000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B0C1000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B11B000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000B13D000.00000004.00000800.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95796982356.000000000A7BA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;

Source: wya.exe	ReversingLabs: Detection: 76%
Source: wya.exe	Virustotal: Detection: 79%

Source: C:\Users\user\Desktop\wya.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Users\user\Desktop\wya.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: wya.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_05E3B510 push es; ret	0_2_05E3B520
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_05E3B761 push B806851Dh; retf	0_2_05E3B76D
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06AD9688 pushfd ; iretd	0_2_06AD96C9
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADD788 pushfd ; iretd	0_2_06ADD795
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_06ADC719 pushfd ; iretd	0_2_06ADC731
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_073CBEC4 push ss; ret	0_2_073CBEC7
Source: C:\Users\user\Desktop\wya.exe	Code function: 0_2_07685382 pushfd ; ret	0_2_07685388

Source: wya.exe

Static PE information: section name: .text entropy: 6.942798527099518

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50149

Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Desktop\wya.exe	Memory allocated: 3030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Memory allocated: 3220000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Memory allocated: 3030000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\wya.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\wya.exe

Window / User API: threadDelayed 9899

Jump to behavior

Source: C:\Users\user\Desktop\wya.exe

Registry key enumerated: More than 168 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\wya.exe TID: 4628	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 4628	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -53040s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 4628	Thread sleep time: -59891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -36547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -45830s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 4628	Thread sleep time: -59766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -31195s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -55044s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -50786s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -42294s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -33093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -50357s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -54055s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe TID: 3060	Thread sleep time: -45728s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 53040	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 59891	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 36547	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 45830	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 59766	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 31195	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 55044	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 50786	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 42294	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 33093	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 50357	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 54055	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Thread delayed: delay time: 45728	Jump to behavior

Source: wya.exe, 00000000.00000002.95782968330.00000000011E1000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK

Source: C:\Users\user\Desktop\wya.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\wya.exe

Code function: 0_2_06ADBFB0 LdrInitializeThunk,

0_2_06ADBFB0

Source: C:\Users\user\Desktop\wya.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\wya.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Users\user\Desktop\wya.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\wya.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: wya.exe, 00000000.00000002.95791669162.00000000067B6000.00000004.00000020.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95791669162.00000000067D9000.00000004.00000020.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95794605706.0000000008910000.00000004.00000020.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95782968330.0000000001238000.00000004.00000020.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95782968330.00000000011E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: wya.exe, 00000000.00000002.95791669162.00000000067D9000.00000004.00000020.00020000.00000000.sdmp, wya.exe, 00000000.00000002.95794605706.0000000008910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\wya.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: wya.exe, type: SAMPLE
Source: Yara match	File source: 0.0.wya.exe.c70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.93328443160.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wya.exe PID: 5640, type: MEMORYSTR

Yara detected SectopRAT

Source: Yara match

File source: Process Memory Space: wya.exe PID: 5640, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\wya.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\wya.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior

Source: Yara match	File source: wya.exe, type: SAMPLE
Source: Yara match	File source: 0.0.wya.exe.c70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.93328443160.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wya.exe PID: 5640, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: wya.exe, type: SAMPLE
Source: Yara match	File source: 0.0.wya.exe.c70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.93328443160.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wya.exe PID: 5640, type: MEMORYSTR

Yara detected SectopRAT

Source: Yara match

File source: Process Memory Space: wya.exe PID: 5640, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	1 OS Credential Dumping	231 Security Software Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	11 Process Discovery	Remote Desktop Protocol	1 Data from Local System	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	241 Virtualization/Sandbox Evasion	Security Account Manager	241 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	123 System Information Discovery	SSH	Keylogging	1 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report wya.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
wya.exe