Windows Analysis Report
Blue-Cloner-Signed.exe

Overview

General Information

Sample name:	Blue-Cloner-Signed.exe
Analysis ID:	1639390
MD5:	45c6ea5de0d4568f38c425b8b084ff38
SHA1:	4ea9ea31e99a284940191b46964ee6e1fdfc5569
SHA256:	992cfe9e799108c442281c19748ee8bcb77a3fe8dfb808ae0cbf81d9f590731c
Tags:	Arechclient2exeSectopRATuser-aachum
Infos:

Detection

RedLine

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected RedLine Stealer

Submitted sample is a known malware sample

Allocates memory in foreign processes

Connects to many ports of the same IP (likely port scanning)

Injects a PE file into a foreign processes

Joe Sandbox ML detected suspicious sample

Monitors registry run keys for changes

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Uses known network protocols on non-standard ports

Writes to foreign memory regions

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Use Short Name Path in Command Line

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Signatures

AV Detection

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 94.9% probability

Uses 32bit PE files

Source: Blue-Cloner-Signed.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: Blue-Cloner-Signed.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: vbc.pdb source: is-0DKEL.tmp.3.dr
Source:	Binary string: D:\dbs\sh\ddvsm\1002_165500_0\cmd\a\out\binaries\amd64ret\bin\amd64\vspkgs\Opt\x05xyg5w.zg2\Output\CompSvcsPkg.pdb source: is-S2L72.tmp.3.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.AspNetCore.Http/Release/net7.0/Microsoft.AspNetCore.Http.pdb source: Microsoft.AspNetCore.Http.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net45\Microsoft.VisualStudio.Setup.Download.pdb" source: Microsoft.VisualStudio.Setup.Download.dll.4.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.DotNet.DesignTools.Protocol/Release/netcoreapp3.1/Microsoft.DotNet.DesignTools.Protocol.pdb source: is-PGLBN.tmp.3.dr
Source:	Binary string: WindowsBase.pdb source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Build.Tasks.CodeAnalysis/Release/net6.0/Microsoft.Build.Tasks.CodeAnalysis.pdb source: is-0DKEL.tmp.3.dr
Source:	Binary string: Microsoft.VisualStudio.TestPlatform.ObjectModel.ni.pdb source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
Source:	Binary string: WindowsBase.pdbBSJB source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr
Source:	Binary string: UIAutomationClientSideProviders.ni.pdb source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
Source:	Binary string: methodName.pdb!RunConfiguration5.NETFramework,Version=v3.55.NETFramework,Version=v4.05.NETFramework,Version=v4.5#UAP,Version=v10.0!ResultsDirectory source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
Source:	Binary string: Microsoft.VisualStudio.TestPlatform.ObjectModel.pdb source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
Source:	Binary string: type: yPortableSymbolReader: Failed to load symbols for binary: {0}GCannot find portable .PDB file for source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.AspNetCore.Http/Release/net7.0/Microsoft.AspNetCore.Http.pdbSHA256$ source: Microsoft.AspNetCore.Http.dll.4.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.DotNet.DesignTools.Protocol/Release/netcoreapp3.1/Microsoft.DotNet.DesignTools.Protocol.pdbSHA2564X source: is-PGLBN.tmp.3.dr
Source:	Binary string: Microsoft.Build.Tasks.CodeAnalysis.ni.pdb source: is-0DKEL.tmp.3.dr
Source:	Binary string: Microsoft.AspNetCore.Http.ni.pdb source: Microsoft.AspNetCore.Http.dll.4.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net7.0/UIAutomationClientSideProviders.pdbRSDS source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net7.0/UIAutomationClientSideProviders.pdb source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
Source:	Binary string: c:\zlib-dll\Release\isunzlib.pdb source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr
Source:	Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net45\Microsoft.VisualStudio.Setup.Download.pdb source: Microsoft.VisualStudio.Setup.Download.dll.4.dr

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49694 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49684 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49692 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49714 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49716 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49713 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49683 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49723 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49718 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49697 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49725 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49710 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49687 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49688 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49703 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49720 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49701 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49736 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49708 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49705 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49737 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49728 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49722 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49690 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49709 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49704 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49686 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49742 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49726 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49732 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49717 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49734 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49700 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49721 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49744 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49745 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49750 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49712 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49753 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49752 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49751 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49748 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49758 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49755 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49743 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49759 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49731 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49760 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49763 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49756 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49739 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49764 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49761 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49706 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49767 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49747 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49769 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49774 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49773 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49776 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49777 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49770 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49778 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49779 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49781 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49768 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49772 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49782 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49786 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49788 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49789 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49792 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49793 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49790 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49794 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49796 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49784 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49785 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49798 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49800 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49801 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49803 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49797 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49806 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49808 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49805 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49810 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49815 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49830 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49831 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49834 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49842 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49838 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49841 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49849 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49844 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49855 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49865 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49862 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49866 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49869 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49868 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49879 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49874 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49888 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49887 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49883 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49891 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49892 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49893 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49895 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49896 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49897 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49898 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49889 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49901 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49902 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49904 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49906 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49907 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49909 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49910 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49912 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49914 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49916 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49918 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49919 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49920 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49876 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49882 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49924 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49900 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49905 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49925 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49923 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49928 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49929 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49931 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49932 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49933 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49937 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49938 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49941 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49942 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49944 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49945 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49947 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49948 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49951 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49953 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49954 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49956 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49959 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49957 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49961 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49970 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49975 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49992 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49993 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49994 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49996 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49997 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49999 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50000 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50001 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50002 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50006 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50007 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50009 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50010 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50012 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50013 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50014 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50016 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50017 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50018 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50019 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50015 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50020 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50021 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50022 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50023 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50024 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49950 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50003 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50025 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50026 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50027 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50028 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50029 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50030 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50031 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50032 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50033 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50034 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50036 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50037 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50038 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50039 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50040 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50041 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50042 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50044 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50045 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49913 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50046 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50047 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50048 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49926 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50049 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49935 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49991 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50051 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50052 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50054 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50055 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50056 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50057 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50058 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50059 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50060 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50061 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50062 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50063 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49998 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50064 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50065 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50066 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50068 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50070 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50073 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50072 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50074 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50076 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50078 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50079 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50080 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50081 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50082 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50083 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50084 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50085 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50086 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50087 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50088 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50089 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50090 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50092 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50093 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50095 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50096 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50101 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50091 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50094 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50102 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50103 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50105 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50106 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50107 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50108 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50109 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50110 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50111 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50112 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50114 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50113 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50117 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50118 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50099 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50119 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50050 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50121 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50123 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50124 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50125 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50127 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50128 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50130 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50131 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50132 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50133 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50069 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50071 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50098 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50129 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50120 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50043 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50075 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:50097 -> 194.26.29.44:9000

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 194.26.29.44 ports 9000,1,4,5,7,8,15847

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49684 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49686
Source: unknown	Network traffic detected: HTTP traffic on port 49687 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 9000

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.7:49682 -> 194.26.29.44:15847

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 2.22.242.105 2.22.242.105
Source: Joe Sandbox View	IP Address: 2.22.242.11 2.22.242.11
Source: Joe Sandbox View	IP Address: 13.74.129.1 13.74.129.1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49694 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49692 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49714 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49716 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49713 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49723 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49718 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49697 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49725 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49710 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49703 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49687 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49688 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49720 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49701 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49736 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49708 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49728 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49704 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49709 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49705 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49690 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49722 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49737 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49726 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49742 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49734 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49744 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49732 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49717 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49700 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49721 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49745 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49750 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49712 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49753 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49748 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49752 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49751 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49758 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49706 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49755 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49743 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49759 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49731 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49760 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49763 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49756 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49739 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49764 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49761 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49767 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49747 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49769 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49773 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49774 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49776 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49777 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49778 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49770 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49779 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49781 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49768 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49772 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49782 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49786 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49788 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49789 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49792 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49793 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49790 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49794 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49796 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49784 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49785 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49798 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49800 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49801 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49803 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49797 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49806 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49808 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49805 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49810 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49815 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49830 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49831 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49834 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49842 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49838 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49841 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49849 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49844 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49855 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49865 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49862 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49866 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49869 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49868 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49879 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49874 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49888 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49883 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49887 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49891 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49892 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49893 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49895 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49896 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49897 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49898 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49889 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49901 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49902 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49904 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49906 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49907 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49909 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49910 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49912 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49914 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49916 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49918 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49919 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49920 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49876 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49882 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49924 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49900 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49905 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49925 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49923 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49928 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49929 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49931 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49932 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49938 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49942 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49951 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49953 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49959 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49957 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49961 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49970 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49975 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49992 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49993 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49994 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49996 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49997 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49999 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50000 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50001 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50002 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50006 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50007 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50009 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50010 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50012 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50013 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50014 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50016 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50017 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50018 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50019 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50015 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50020 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50021 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50022 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50023 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50024 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50003 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50025 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50026 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50027 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50028 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50029 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50030 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50031 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50032 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50033 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50034 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50036 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50037 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50038 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50039 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50040 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50041 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50042 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50044 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50045 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49913 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50046 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50047 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50048 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49926 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50049 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49935 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49991 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50051 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50052 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50054 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50055 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50056 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50057 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50058 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50060 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50061 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50063 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49998 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50068 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50070 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50072 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50076 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50079 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50093 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50095 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50096 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50091 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50102 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50103 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50105 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50106 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50109 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50113 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50118 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50099 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50050 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50124 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50130 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50131 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50069 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50071 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50098 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50129 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50120 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50043 -> 194.26.29.44:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50097 -> 194.26.29.44:9000

Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44
Source: unknown	TCP traffic detected without corresponding DNS query: 194.26.29.44

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.cb278af4d754dd8a1a58.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=E315E8C40A034817B4168803AB59B784.RefC=2025-03-15T13:16:24Z; USRLOC=; MUID=31C987FAE151690E01DA924AE0F968D8; MUIDB=31C987FAE151690E01DA924AE0F968D8; _EDGE_S=F=1&SID=2CEE59486DB465403C244CF86C6564B3; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=E315E8C40A034817B4168803AB59B784.RefC=2025-03-15T13:16:24Z; USRLOC=; MUID=31C987FAE151690E01DA924AE0F968D8; MUIDB=31C987FAE151690E01DA924AE0F968D8; _EDGE_S=F=1&SID=2CEE59486DB465403C244CF86C6564B3; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000Connection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: Microsoft.VisualStudio.Setup.Download.dll.4.dr	String found in binary or memory: http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://micros
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: is-S2L72.tmp.3.dr	String found in binary or memory: http://localhostrootServerBindingsSecureBindingshttps://localhost443:http://localhostprimaryfusion.d
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://s2.symcb.com0
Source: is-S2L72.tmp.3.dr	String found in binary or memory: http://schemas.xmlsoap.org/disco/http://schemas.xmlsoap.org/wsdl/XMLDocument
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: is-82LNC.tmp.3.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://subca.ocsp-certum.com01
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://sv.symcd.com0&
Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr	String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#SignedProperties
Source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr	String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#bhttp://uri.etsi.org/01903/v1.2.2#SignedProperties
Source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr	String found in binary or memory: http://uri.etsi.org/01903/v1.2.2#yHKEY_LOCAL_MACHINE
Source: AutoIt3.exe, 00000004.00000000.882877850.00000000002D5000.00000002.00000001.01000000.0000000E.sdmp, AutoIt3.exe, 00000008.00000000.1016207917.0000000000E25000.00000002.00000001.01000000.00000014.sdmp, AutoIt3.exe, 0000000A.00000000.1098628197.0000000000E25000.00000002.00000001.01000000.00000014.sdmp, is-82LNC.tmp.3.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: http://www.certum.pl/CPS0
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.dr	String found in binary or memory: http://www.vmware.com/0
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: http://www.winzip.com/authenticode.htm0
Source: chrome.exe, 00000006.00000003.976877692.00006CA0000DC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.981705495.00000180330C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: Microsoft.AspNetCore.Http.dll.4.dr	String found in binary or memory: https://github.com/dotnet/aspnetcore
Source: Microsoft.AspNetCore.Http.dll.4.dr	String found in binary or memory: https://github.com/dotnet/aspnetcore/tree/57512b49997283599b00a6b67d0ccebaec171daf
Source: is-0DKEL.tmp.3.dr	String found in binary or memory: https://github.com/dotnet/roslyn
Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr	String found in binary or memory: https://github.com/dotnet/wpf
Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr	String found in binary or memory: https://github.com/dotnet/wpf4
Source: is-PGLBN.tmp.3.dr	String found in binary or memory: https://github.com/microsoft/winforms-designer
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: https://jrsoftware.org/
Source: Blue-Cloner-Signed.exe	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: https://jrsoftware.org0
Source: Microsoft.VisualStudio.Setup.Download.dll.4.dr	String found in binary or memory: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47
Source: Microsoft.VisualStudio.Setup.Download.dll.4.dr	String found in binary or memory: https://login.microsoftonline.comH72f988bf-86f1-41af-91ab-2d7cd011db47
Source: jsc.exe, 00000009.00000002.1086363398.00000000026F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/WQwfZTNB
Source: jsc.exe, 00000009.00000002.1086363398.00000000026F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/WQwfZTNBPO
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: https://sectigo.com/CPS0D
Source: is-82LNC.tmp.3.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr	String found in binary or memory: https://www.certum.pl/CPS0
Source: is-LMMQQ.tmp.3.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: is-82LNC.tmp.3.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: is-82LNC.tmp.3.dr	String found in binary or memory: https://www.globalsign.com/repository/06
Source: Blue-Cloner-Signed.exe, 00000000.00000003.853955200.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000001.00000000.855177402.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: Blue-Cloner-Signed.exe, 00000000.00000003.853955200.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000001.00000000.855177402.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987

System Summary

Malicious sample detected (through community Yara rule)

Source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPE

Matched rule: Detects Arechclient2 RAT Author: ditekSHen

Submitted sample is a known malware sample

Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped file: MD5: 9a7234078559093e06c9d32148ed95a3 Family: TRITON Alias: TEMP.Veles, TRISIS, XENOTIME, HATMAN, TRITON Description: TRITON, named by FireEye, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. It is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.When the attacker gained remote access to an SIS engineering workstation, the TRITON attack framework was deployed to reprogram the SIS controllers, to modify application memory on SIS controllers that could lead to a failed validation check. References: https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.htmlhttps://dragos.com/adversaries.htmlhttps://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.htmlData Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped file: MD5: 9a7234078559093e06c9d32148ed95a3 Family: TRITON Alias: TEMP.Veles, TRISIS, XENOTIME, HATMAN, TRITON Description: TRITON, named by FireEye, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. It is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.When the attacker gained remote access to an SIS engineering workstation, the TRITON attack framework was deployed to reprogram the SIS controllers, to modify application memory on SIS controllers that could lead to a failed validation check. References: https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.htmlhttps://dragos.com/adversaries.htmlhttps://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.htmlData Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped file: MD5: 9a7234078559093e06c9d32148ed95a3 Family: TRITON Alias: TEMP.Veles, TRISIS, XENOTIME, HATMAN, TRITON Description: TRITON, named by FireEye, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. It is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.When the attacker gained remote access to an SIS engineering workstation, the TRITON attack framework was deployed to reprogram the SIS controllers, to modify application memory on SIS controllers that could lead to a failed validation check. References: https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.htmlhttps://dragos.com/adversaries.htmlhttps://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.htmlData Source: https://github.com/RedDrip7/APT_Digital_Weapon

Abnormal high CPU Usage

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

Process Stats: CPU usage > 49%

Detected potential crypto function

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE1050	9_2_00AE1050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE1940	9_2_00AE1940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE7598	9_2_00AE7598
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE59AB	9_2_00AE59AB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE1931	9_2_00AE1931
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE45F8	9_2_00AE45F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE4608	9_2_00AE4608
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE1724	9_2_00AE1724
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Code function: 9_2_00AE59C8	9_2_00AE59C8

Dropped file seen in connection with other malware

Source: Joe Sandbox View

Dropped File: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe 1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48

PE / OLE file has an invalid certificate

Source: Blue-Cloner-Signed.exe

Static PE information: invalid certificate

PE file contains executable resources (Code or Archives)

Source: Blue-Cloner-Signed.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Blue-Cloner-Signed.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

PE file does not import any functions

Source: is-O9589.tmp.3.dr	Static PE information: No import functions for PE file found
Source: is-0DKEL.tmp.3.dr	Static PE information: No import functions for PE file found
Source: is-N4QCG.tmp.3.dr	Static PE information: No import functions for PE file found
Source: is-QNESL.tmp.3.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: Blue-Cloner-Signed.exe, 00000000.00000000.853055354.00000000004F8000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
Source: Blue-Cloner-Signed.exe, 00000000.00000003.861624486.00000000021CA000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
Source: Blue-Cloner-Signed.exe, 00000000.00000003.861624486.0000000002288000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs Blue-Cloner-Signed.exe
Source: Blue-Cloner-Signed.exe, 00000000.00000003.853955200.000000007FE33000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
Source: Blue-Cloner-Signed.exe, 00000002.00000003.886976077.0000000002268000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs Blue-Cloner-Signed.exe
Source: Blue-Cloner-Signed.exe, 00000002.00000003.886976077.00000000021AA000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
Source: Blue-Cloner-Signed.exe	Binary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe

Uses 32bit PE files

Source: Blue-Cloner-Signed.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Yara signature match

Source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPE

Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT

Source: is-0DKEL.tmp.3.dr, NamedPipeUtil.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: is-0DKEL.tmp.3.dr, NamedPipeUtil.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: is-0DKEL.tmp.3.dr, BuildServerConnection.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: is-0DKEL.tmp.3.dr, BuildServerConnection.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@70/224@18/13

Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Mutant created: \Sessions\1\BaseNamedObjects\80a528d848384796864d9d408fd78d4c

Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe

File created: C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp

Jump to behavior

Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: Blue-Cloner-Signed.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe

File read: C:\Users\user\Desktop\Blue-Cloner-Signed.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Blue-Cloner-Signed.exe "C:\Users\user\Desktop\Blue-Cloner-Signed.exe"
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Process created: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp "C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp" /SL5="$203E4,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe"
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process created: C:\Users\user\Desktop\Blue-Cloner-Signed.exe "C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Process created: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp "C:\Users\user~1\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp" /SL5="$203F2,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe "C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe" lionheartedly.a3x
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default"
Source: unknown	Process created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x"
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
Source: unknown	Process created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x"
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9897 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2188,i,17180470386210367676,4269936662652460596,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2192 /prefetch:3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2080,i,12350679301300759523,9547740877792458895,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2076,i,17998252986563725011,528699901736445202,262144 /prefetch:3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2336,i,5047216504094889522,3815978345748103374,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2512,i,1085491752832484117,15979880841371217689,262144 /prefetch:3
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Process created: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp "C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp" /SL5="$203E4,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process created: C:\Users\user\Desktop\Blue-Cloner-Signed.exe "C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Process created: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp "C:\Users\user~1\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp" /SL5="$203F2,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe "C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe" lionheartedly.a3x	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9897 --profile-directory="Default"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory="Default"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2188,i,17180470386210367676,4269936662652460596,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2192 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2080,i,12350679301300759523,9547740877792458895,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2076,i,17998252986563725011,528699901736445202,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2336,i,5047216504094889522,3815978345748103374,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2512,i,1085491752832484117,15979880841371217689,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: websocket.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: version.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: wsock32.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: version.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: winmm.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: mpr.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: wininet.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: iphlpapi.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: userenv.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: uxtheme.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: kernel.appcore.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: cryptsp.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: rsaenh.dll
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Section loaded: uxtheme.dll

Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp

Window found: window name: TMainForm

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Blue-Cloner-Signed.exe

Static file information: File size 19400458 > 1048576

Source: Blue-Cloner-Signed.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: vbc.pdb source: is-0DKEL.tmp.3.dr
Source:	Binary string: D:\dbs\sh\ddvsm\1002_165500_0\cmd\a\out\binaries\amd64ret\bin\amd64\vspkgs\Opt\x05xyg5w.zg2\Output\CompSvcsPkg.pdb source: is-S2L72.tmp.3.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.AspNetCore.Http/Release/net7.0/Microsoft.AspNetCore.Http.pdb source: Microsoft.AspNetCore.Http.dll.4.dr
Source:	Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net45\Microsoft.VisualStudio.Setup.Download.pdb" source: Microsoft.VisualStudio.Setup.Download.dll.4.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.DotNet.DesignTools.Protocol/Release/netcoreapp3.1/Microsoft.DotNet.DesignTools.Protocol.pdb source: is-PGLBN.tmp.3.dr
Source:	Binary string: WindowsBase.pdb source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.Build.Tasks.CodeAnalysis/Release/net6.0/Microsoft.Build.Tasks.CodeAnalysis.pdb source: is-0DKEL.tmp.3.dr
Source:	Binary string: Microsoft.VisualStudio.TestPlatform.ObjectModel.ni.pdb source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
Source:	Binary string: WindowsBase.pdbBSJB source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr
Source:	Binary string: UIAutomationClientSideProviders.ni.pdb source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
Source:	Binary string: methodName.pdb!RunConfiguration5.NETFramework,Version=v3.55.NETFramework,Version=v4.05.NETFramework,Version=v4.5#UAP,Version=v10.0!ResultsDirectory source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
Source:	Binary string: Microsoft.VisualStudio.TestPlatform.ObjectModel.pdb source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
Source:	Binary string: type: yPortableSymbolReader: Failed to load symbols for binary: {0}GCannot find portable .PDB file for source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.AspNetCore.Http/Release/net7.0/Microsoft.AspNetCore.Http.pdbSHA256$ source: Microsoft.AspNetCore.Http.dll.4.dr
Source:	Binary string: /_/artifacts/obj/Microsoft.DotNet.DesignTools.Protocol/Release/netcoreapp3.1/Microsoft.DotNet.DesignTools.Protocol.pdbSHA2564X source: is-PGLBN.tmp.3.dr
Source:	Binary string: Microsoft.Build.Tasks.CodeAnalysis.ni.pdb source: is-0DKEL.tmp.3.dr
Source:	Binary string: Microsoft.AspNetCore.Http.ni.pdb source: Microsoft.AspNetCore.Http.dll.4.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net7.0/UIAutomationClientSideProviders.pdbRSDS source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
Source:	Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net7.0/UIAutomationClientSideProviders.pdb source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
Source:	Binary string: c:\zlib-dll\Release\isunzlib.pdb source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr
Source:	Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net45\Microsoft.VisualStudio.Setup.Download.pdb source: Microsoft.VisualStudio.Setup.Download.dll.4.dr

Binary contains a suspicious time stamp

Source: is-N4QCG.tmp.3.dr

Static PE information: 0xEED4070D [Thu Dec 20 20:14:05 2096 UTC]

PE file contains sections with non-standard names

Source: Blue-Cloner-Signed.exe	Static PE information: section name: .didata
Source: Blue-Cloner-Signed.tmp.0.dr	Static PE information: section name: .didata
Source: Blue-Cloner-Signed.tmp.2.dr	Static PE information: section name: .didata

Uses code obfuscation techniques (call, push, ret)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

Code function: 9_2_00AE41AB pushfd ; ret

9_2_00AE41E6

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-Q86LU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-V2HAC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\Atlassian.Bitbucket.UI.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-0DKEL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.AspNetCore.Http.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Services.CodeReview.WebApi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-9Q7I2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Setup.Download.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-67O6P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kvno.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\EppManifest.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.DotNet.DesignTools.Protocol.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\ahost.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\gettext.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MSB1FREN.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MXF_SDK_XMLBuilder_1.3.39_vs10.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\perf_intervals.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	File created: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-S2L72.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-MV4I3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\perf_intervals.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.ExtendedReflection.Reasoning.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\jp2ssv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\boost_python-vc90-mt-gd-1_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kdestroy.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.AspNetCore.Http.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-G5EHS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-FATKD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-J998I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-upload-pack.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-F4AFB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-QM56C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CompSvcsPkg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.DotNet.DesignTools.Protocol.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\UIAutomationClientSideProviders.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-L9AJM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\scalar.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WRLiloPlugin.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-GOG00.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\jp2ssv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.ExtendedReflection.Reasoning.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CompSvcsPkg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\gnsdk_musicid.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-5CO57.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7V644.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	File created: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7P6L7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\7zxa64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7RJUF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AdobeXMPFiles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MXF_SDK_XMLBuilder_1.3.39_vs10.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\gnsdk_musicid.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-9I5HK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-QNESL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-I90HQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SEJ7F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Services.CodeReview.WebApi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-PGLBN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-REOGC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WindowsBase.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.Build.Tasks.CodeAnalysis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\boost_python-vc90-mt-gd-1_47.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WzWXFln64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kpasswd.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-LMMQQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WindowsBase.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\7zxa64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\p11-kit.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\UIAutomationClientSideProviders.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MSB1FREN.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1ETL8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\WhoUses.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CryptoPP530Fips32.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-askpass.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.Build.Tasks.CodeAnalysis.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CryptoPP530Fips32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Setup.Download.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-AM20K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\EppManifest.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F1F38.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7PBMM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-O9589.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kinit.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-M1I32.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WzWXFln64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1Q7FG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AdobeXMPFiles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\psl.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WRLiloPlugin.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\bzip2.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-N4QCG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-82LNC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F170C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	File created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kcpytkt.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-GFSB8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\x86_64-w64-mingw32-agrep.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-K5Q6M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\lzmadec.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-BS67M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-2T9KN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SRMF3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	File created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-16T1P.tmp	Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce lionheartedly	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce lionheartedly	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce lionheartedly	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce lionheartedly	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49684 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49686
Source: unknown	Network traffic detected: HTTP traffic on port 49687 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 9000

Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: 3190000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: 3370000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: 5370000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: AC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: 26F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: 46F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: 10F0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: 2A30000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Memory allocated: 4A30000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Window / User API: threadDelayed 4497			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Window / User API: threadDelayed 4986			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-Q86LU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-V2HAC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\Atlassian.Bitbucket.UI.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-0DKEL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.AspNetCore.Http.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Services.CodeReview.WebApi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-9Q7I2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Setup.Download.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\EppManifest.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kvno.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-67O6P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.DotNet.DesignTools.Protocol.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\ahost.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\gettext.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MSB1FREN.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MXF_SDK_XMLBuilder_1.3.39_vs10.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\perf_intervals.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-S2L72.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-MV4I3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\perf_intervals.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.ExtendedReflection.Reasoning.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\jp2ssv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\boost_python-vc90-mt-gd-1_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kdestroy.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.AspNetCore.Http.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-G5EHS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-FATKD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-J998I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-upload-pack.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-F4AFB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-QM56C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CompSvcsPkg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.DotNet.DesignTools.Protocol.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\UIAutomationClientSideProviders.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-L9AJM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\scalar.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WRLiloPlugin.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-GOG00.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\jp2ssv.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.ExtendedReflection.Reasoning.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CompSvcsPkg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\gnsdk_musicid.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7V644.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-5CO57.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7P6L7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\7zxa64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7RJUF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AdobeXMPFiles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MXF_SDK_XMLBuilder_1.3.39_vs10.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\gnsdk_musicid.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-9I5HK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-QNESL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-I90HQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SEJ7F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Services.CodeReview.WebApi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-PGLBN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-REOGC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WindowsBase.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.Build.Tasks.CodeAnalysis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\boost_python-vc90-mt-gd-1_47.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WzWXFln64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kpasswd.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-LMMQQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WindowsBase.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\7zxa64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\p11-kit.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\UIAutomationClientSideProviders.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MSB1FREN.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1ETL8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\WhoUses.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CryptoPP530Fips32.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-askpass.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.Build.Tasks.CodeAnalysis.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CryptoPP530Fips32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Setup.Download.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-AM20K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\EppManifest.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F1F38.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7PBMM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-O9589.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kinit.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WzWXFln64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-M1I32.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1Q7FG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Dropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AdobeXMPFiles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\psl.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WRLiloPlugin.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\bzip2.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-N4QCG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F170C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kcpytkt.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-GFSB8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\x86_64-w64-mingw32-agrep.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-K5Q6M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\lzmadec.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-BS67M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-2T9KN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SRMF3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-16T1P.tmp	Jump to dropped file

Is looking for software installed on the system

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

Registry key enumerated: More than 200 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076	Thread sleep time: -31359464925306218s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -48280s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076	Thread sleep time: -59866s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -55596s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076	Thread sleep time: -59609s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076	Thread sleep time: -59442s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076	Thread sleep time: -59327s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076	Thread sleep time: -59156s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -53947s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076	Thread sleep time: -58991s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -48791s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -45653s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -52239s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -48304s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -32800s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -44829s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -46889s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -58347s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -53297s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -38024s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -58290s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -48609s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -59549s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -43297s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -54268s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 5484	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 5428	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -53742s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -33071s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 5464	Thread sleep time: -1800000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -53594s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -48933s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -41175s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -53646s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -59408s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -30927s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -35036s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -42355s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -58364s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -50767s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024	Thread sleep time: -57181s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6552	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6700	Thread sleep time: -922337203685477s >= -30000s

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 48280	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 59866	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 55596	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 59609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 59442	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 59327	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 59156	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 53947	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 58991	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 48791	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 45653	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 52239	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 48304	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 32800	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 44829	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 46889	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 58347	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 53297	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 38024	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 58290	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 48609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 59549	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 43297	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 54268	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 53742	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 33071	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 53594	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 48933	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 41175	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 53646	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 59408	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 30927	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 35036	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 42355	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 58364	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 50767	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 57181	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Thread delayed: delay time: 922337203685477

Source: Web Data.25.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: Web Data.25.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: is-7V644.tmp.3.dr	Binary or memory string: http://www.vmware.com/0
Source: Web Data.25.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: Web Data.25.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: Web Data.25.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: Web Data.25.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: Web Data.25.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: Web Data.25.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: Web Data.25.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: Web Data.25.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: is-7V644.tmp.3.dr	Binary or memory string: VMware, Inc.0
Source: Web Data.25.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: Web Data.25.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: Web Data.25.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: Web Data.25.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: Web Data.25.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: Web Data.25.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: is-7V644.tmp.3.dr	Binary or memory string: VMware, Inc.1>0<
Source: Web Data.25.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: Blue-Cloner-Signed.tmp, 00000001.00000002.861052831.00000000008CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Web Data.25.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: Web Data.25.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: Web Data.25.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: Web Data.25.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: Web Data.25.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: Web Data.25.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: Web Data.25.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: Web Data.25.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: chrome.exe, 00000006.00000002.981915577.0000018035EB0000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: xVMcI
Source: Web Data.25.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: Web Data.25.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: Web Data.25.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: Web Data.25.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: Web Data.25.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: Web Data.25.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 1360000 protect: page execute and read and write	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 730000 protect: page execute and read and write	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: B00000 protect: page execute and read and write

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 1360000 value starts with: 4D5A	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 730000 value starts with: 4D5A	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: B00000 value starts with: 4D5A

Writes to foreign memory regions

Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 1360000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 1143000	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 730000	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 5F2000	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: B00000
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 914000

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp	Process created: C:\Users\user\Desktop\Blue-Cloner-Signed.exe "C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT	Jump to behavior
Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9897 --profile-directory="Default"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory="Default"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory="Default"	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"	Jump to behavior
Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"

Source: AutoIt3.exe, 00000004.00000000.882792487.00000000002C1000.00000002.00000001.01000000.0000000E.sdmp, AutoIt3.exe, 00000008.00000000.1016134576.0000000000E11000.00000002.00000001.01000000.00000014.sdmp, AutoIt3.exe, 0000000A.00000000.1098549657.0000000000E11000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr	Binary or memory string: _hwndProgman
Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr	Binary or memory string: Shell_TrayWnd
Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr	Binary or memory string: Progman
Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr	Binary or memory string: IsProgmanWindow

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation

Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1084269642.0000000000732000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jsc.exe PID: 6688, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior

Yara detected Credential Stealer

Source: Yara match	File source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1084269642.0000000000732000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jsc.exe PID: 6688, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default"

Yara detected RedLine Stealer

Source: Yara match	File source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1084269642.0000000000732000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jsc.exe PID: 6688, type: MEMORYSTR

Windows Analysis Report
Blue-Cloner-Signed.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Windows Analysis Report Blue-Cloner-Signed.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Windows Analysis Report
Blue-Cloner-Signed.exe

Malware Threat Intel
Provided by