Windows Analysis Report
Blue-Cloner-Signed.exe

Overview

General Information

Sample name: Blue-Cloner-Signed.exe
Analysis ID: 1639390
MD5: 45c6ea5de0d4568f38c425b8b084ff38
SHA1: 4ea9ea31e99a284940191b46964ee6e1fdfc5569
SHA256: 992cfe9e799108c442281c19748ee8bcb77a3fe8dfb808ae0cbf81d9f590731c
Tags: Arechclient2, exe, SectopRAT, user-aachum

Detection

RedLine
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
Submitted sample is a known malware sample
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Monitors registry run keys for changes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Blue-Cloner-Signed.exe (PID: 6556 cmdline: "C:\Users\user\Desktop\Blue-Cloner-Signed.exe" MD5: 45C6EA5DE0D4568F38C425B8B084FF38)
    • Blue-Cloner-Signed.tmp (PID: 6600 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp" /SL5="$203E4,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe" MD5: 84063CC579AECBA0E8C44ABEBBCF7415)
      • Blue-Cloner-Signed.exe (PID: 6700 cmdline: "C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT MD5: 45C6EA5DE0D4568F38C425B8B084FF38)
        • Blue-Cloner-Signed.tmp (PID: 6764 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp" /SL5="$203F2,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT MD5: 84063CC579AECBA0E8C44ABEBBCF7415)
          • AutoIt3.exe (PID: 6868 cmdline: "C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe" lionheartedly.a3x MD5: 3F58A517F1F4796225137E7659AD2ADB)
            • jsc.exe (PID: 7020 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" MD5: 94C8E57A80DFCA2482DEDB87B93D4FD9)
              • chrome.exe (PID: 5440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
              • chrome.exe (PID: 6032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9897 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
                • chrome.exe (PID: 4140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2188,i,17180470386210367676,4269936662652460596,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2192 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
              • msedge.exe (PID: 2868 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 6164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2080,i,12350679301300759523,9547740877792458895,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
              • msedge.exe (PID: 764 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 5720 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2336,i,5047216504094889522,3815978345748103374,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • AutoIt3.exe (PID: 4508 cmdline: "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x" MD5: 3F58A517F1F4796225137E7659AD2ADB)
    • jsc.exe (PID: 6688 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" MD5: 94C8E57A80DFCA2482DEDB87B93D4FD9)
  • AutoIt3.exe (PID: 6844 cmdline: "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x" MD5: 3F58A517F1F4796225137E7659AD2ADB)
    • jsc.exe (PID: 6760 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" MD5: 94C8E57A80DFCA2482DEDB87B93D4FD9)
  • msedge.exe (PID: 6220 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5380 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2076,i,17998252986563725011,528699901736445202,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 528 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4988 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2512,i,1085491752832484117,15979880841371217689,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
No configs have been found
Source | Rule | Description | Author | Strings
00000009.00000002.1084269642.0000000000732000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000009.00000002.1084269642.0000000000732000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
Process Memory Space: jsc.exe PID: 6688 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: jsc.exe PID: 6688 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
9.2.jsc.exe.730000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
9.2.jsc.exe.730000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
9.2.jsc.exe.730000.0.unpack | MALWARE_Win_Arechclient2 | Detects Arechclient2 RAT | ditekSHen | (strings listed below)
              • 0xc582f:$s14: keybd_event
              • 0xccad8:$v1_1: grabber@
              • 0xc6396:$v1_2: <BrowserProfile>k__
              • 0xc6e15:$v1_3: <SystemHardwares>k__
              • 0xc6ed4:$v1_5: <ScannedWallets>k__
              • 0xc6f64:$v1_6: <DicrFiles>k__
              • 0xc6f40:$v1_7: <MessageClientFiles>k__
              • 0xc730a:$v1_8: <ScanBrowsers>k__BackingField
              • 0xc735c:$v1_8: <ScanWallets>k__BackingField
              • 0xc7379:$v1_8: <ScanScreen>k__BackingField
              • 0xc73b3:$v1_8: <ScanVPN>k__BackingField
              • 0xb8322:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
              • 0xb7c2e:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig

              System Summary

              Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe, ParentProcessId: 7020, ParentProcessName: jsc.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default", ProcessId: 5440, ProcessName: chrome.exe
              Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe, ProcessId: 6868, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lionheartedly
              Source: Process started, Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp" /SL5="$203E4,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp" /SL5="$203E4,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp, ParentCommandLine: "C:\Users\user\Desktop\Blue-Cloner-Signed.exe", ParentImage: C:\Users\user\Desktop\Blue-Cloner-Signed.exe, ParentProcessId: 6556, ParentProcessName: Blue-Cloner-Signed.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp" /SL5="$203E4,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe" , ProcessId: 6600, ProcessName: Blue-Cloner-Signed.tmp
              2025-03-15T14:16:38.686634+010020522481A Network Trojan was detected192.168.2.750009194.26.29.449000TCP
              2025-03-15T14:16:39.485315+010020522481A Network Trojan was detected192.168.2.750010194.26.29.449000TCP
              2025-03-15T14:16:40.385932+010020522481A Network Trojan was detected192.168.2.750012194.26.29.449000TCP
              2025-03-15T14:16:41.166708+010020522481A Network Trojan was detected192.168.2.750013194.26.29.449000TCP
              2025-03-15T14:16:41.976697+010020522481A Network Trojan was detected192.168.2.750014194.26.29.449000TCP
              2025-03-15T14:16:42.761576+010020522481A Network Trojan was detected192.168.2.750015194.26.29.449000TCP
              2025-03-15T14:16:43.545434+010020522481A Network Trojan was detected192.168.2.750016194.26.29.449000TCP
              2025-03-15T14:16:44.332631+010020522481A Network Trojan was detected192.168.2.750017194.26.29.449000TCP
              2025-03-15T14:16:45.124359+010020522481A Network Trojan was detected192.168.2.750018194.26.29.449000TCP
              2025-03-15T14:16:45.926029+010020522481A Network Trojan was detected192.168.2.750019194.26.29.449000TCP
              2025-03-15T14:16:46.744781+010020522481A Network Trojan was detected192.168.2.750020194.26.29.449000TCP
              2025-03-15T14:16:47.546572+010020522481A Network Trojan was detected192.168.2.750021194.26.29.449000TCP
              2025-03-15T14:16:48.362653+010020522481A Network Trojan was detected192.168.2.750022194.26.29.449000TCP
              2025-03-15T14:16:49.155618+010020522481A Network Trojan was detected192.168.2.750023194.26.29.449000TCP
              2025-03-15T14:16:49.969640+010020522481A Network Trojan was detected192.168.2.750024194.26.29.449000TCP
              2025-03-15T14:16:50.780003+010020522481A Network Trojan was detected192.168.2.750025194.26.29.449000TCP
              2025-03-15T14:16:51.639540+010020522481A Network Trojan was detected192.168.2.750026194.26.29.449000TCP
              2025-03-15T14:16:52.430120+010020522481A Network Trojan was detected192.168.2.750027194.26.29.449000TCP
              2025-03-15T14:16:53.244051+010020522481A Network Trojan was detected192.168.2.750028194.26.29.449000TCP
              2025-03-15T14:16:54.039671+010020522481A Network Trojan was detected192.168.2.750029194.26.29.449000TCP
              2025-03-15T14:16:54.838454+010020522481A Network Trojan was detected192.168.2.750030194.26.29.449000TCP
              2025-03-15T14:16:55.650407+010020522481A Network Trojan was detected192.168.2.750031194.26.29.449000TCP
              2025-03-15T14:16:56.442982+010020522481A Network Trojan was detected192.168.2.750032194.26.29.449000TCP
              2025-03-15T14:16:57.229407+010020522481A Network Trojan was detected192.168.2.750033194.26.29.449000TCP
              2025-03-15T14:16:58.020519+010020522481A Network Trojan was detected192.168.2.750034194.26.29.449000TCP
              2025-03-15T14:16:58.871077+010020522481A Network Trojan was detected192.168.2.750036194.26.29.449000TCP
              2025-03-15T14:16:59.681823+010020522481A Network Trojan was detected192.168.2.750037194.26.29.449000TCP
              2025-03-15T14:17:00.473545+010020522481A Network Trojan was detected192.168.2.750038194.26.29.449000TCP
              2025-03-15T14:17:01.271386+010020522481A Network Trojan was detected192.168.2.750039194.26.29.449000TCP
              2025-03-15T14:17:02.365048+010020522481A Network Trojan was detected192.168.2.750040194.26.29.449000TCP
              2025-03-15T14:17:03.162998+010020522481A Network Trojan was detected192.168.2.750041194.26.29.449000TCP
              2025-03-15T14:17:03.961894+010020522481A Network Trojan was detected192.168.2.750042194.26.29.449000TCP
              2025-03-15T14:17:04.773887+010020522481A Network Trojan was detected192.168.2.750043194.26.29.449000TCP
              2025-03-15T14:17:05.580391+010020522481A Network Trojan was detected192.168.2.750044194.26.29.449000TCP
              2025-03-15T14:17:06.382296+010020522481A Network Trojan was detected192.168.2.750045194.26.29.449000TCP
              2025-03-15T14:17:07.177767+010020522481A Network Trojan was detected192.168.2.750046194.26.29.449000TCP
              2025-03-15T14:17:07.988056+010020522481A Network Trojan was detected192.168.2.750047194.26.29.449000TCP
              2025-03-15T14:17:08.786053+010020522481A Network Trojan was detected192.168.2.750048194.26.29.449000TCP
              2025-03-15T14:17:09.724836+010020522481A Network Trojan was detected192.168.2.750049194.26.29.449000TCP
              2025-03-15T14:17:10.534605+010020522481A Network Trojan was detected192.168.2.750050194.26.29.449000TCP
              2025-03-15T14:17:11.436055+010020522481A Network Trojan was detected192.168.2.750051194.26.29.449000TCP
              2025-03-15T14:17:12.473951+010020522481A Network Trojan was detected192.168.2.750052194.26.29.449000TCP
              2025-03-15T14:17:13.270232+010020522481A Network Trojan was detected192.168.2.750054194.26.29.449000TCP
              2025-03-15T14:17:14.085050+010020522481A Network Trojan was detected192.168.2.750055194.26.29.449000TCP
              2025-03-15T14:17:14.879530+010020522481A Network Trojan was detected192.168.2.750056194.26.29.449000TCP
              2025-03-15T14:17:15.678062+010020522481A Network Trojan was detected192.168.2.750057194.26.29.449000TCP
              2025-03-15T14:17:16.472721+010020522481A Network Trojan was detected192.168.2.750058194.26.29.449000TCP
              2025-03-15T14:17:17.273280+010020522481A Network Trojan was detected192.168.2.750059194.26.29.449000TCP
              2025-03-15T14:17:18.066561+010020522481A Network Trojan was detected192.168.2.750060194.26.29.449000TCP
              2025-03-15T14:17:18.853205+010020522481A Network Trojan was detected192.168.2.750061194.26.29.449000TCP
              2025-03-15T14:17:19.655034+010020522481A Network Trojan was detected192.168.2.750062194.26.29.449000TCP
              2025-03-15T14:17:20.455642+010020522481A Network Trojan was detected192.168.2.750063194.26.29.449000TCP
              2025-03-15T14:17:21.304796+010020522481A Network Trojan was detected192.168.2.750064194.26.29.449000TCP
              2025-03-15T14:17:22.093604+010020522481A Network Trojan was detected192.168.2.750065194.26.29.449000TCP
              2025-03-15T14:17:22.909263+010020522481A Network Trojan was detected192.168.2.750066194.26.29.449000TCP
              2025-03-15T14:17:23.742278+010020522481A Network Trojan was detected192.168.2.750068194.26.29.449000TCP
              2025-03-15T14:17:24.534042+010020522481A Network Trojan was detected192.168.2.750069194.26.29.449000TCP
              2025-03-15T14:17:25.323082+010020522481A Network Trojan was detected192.168.2.750070194.26.29.449000TCP
              2025-03-15T14:17:26.105474+010020522481A Network Trojan was detected192.168.2.750071194.26.29.449000TCP
              2025-03-15T14:17:26.909248+010020522481A Network Trojan was detected192.168.2.750072194.26.29.449000TCP
              2025-03-15T14:17:27.726967+010020522481A Network Trojan was detected192.168.2.750073194.26.29.449000TCP
              2025-03-15T14:17:28.511198+010020522481A Network Trojan was detected192.168.2.750074194.26.29.449000TCP
              2025-03-15T14:17:29.298179+010020522481A Network Trojan was detected192.168.2.750075194.26.29.449000TCP
              2025-03-15T14:17:30.133518+010020522481A Network Trojan was detected192.168.2.750076194.26.29.449000TCP
              2025-03-15T14:17:30.936565+010020522481A Network Trojan was detected192.168.2.750078194.26.29.449000TCP
              2025-03-15T14:17:31.741957+010020522481A Network Trojan was detected192.168.2.750079194.26.29.449000TCP
              2025-03-15T14:17:32.548278+010020522481A Network Trojan was detected192.168.2.750080194.26.29.449000TCP
              2025-03-15T14:17:33.345551+010020522481A Network Trojan was detected192.168.2.750081194.26.29.449000TCP
              2025-03-15T14:17:34.154402+010020522481A Network Trojan was detected192.168.2.750082194.26.29.449000TCP
              2025-03-15T14:17:34.947505+010020522481A Network Trojan was detected192.168.2.750083194.26.29.449000TCP
              2025-03-15T14:17:35.741038+010020522481A Network Trojan was detected192.168.2.750084194.26.29.449000TCP
              2025-03-15T14:17:36.545468+010020522481A Network Trojan was detected192.168.2.750085194.26.29.449000TCP
              2025-03-15T14:17:37.325626+010020522481A Network Trojan was detected192.168.2.750086194.26.29.449000TCP
              2025-03-15T14:17:38.114204+010020522481A Network Trojan was detected192.168.2.750087194.26.29.449000TCP
              2025-03-15T14:17:38.929720+010020522481A Network Trojan was detected192.168.2.750088194.26.29.449000TCP
              2025-03-15T14:17:39.718039+010020522481A Network Trojan was detected192.168.2.750089194.26.29.449000TCP
              2025-03-15T14:17:40.504630+010020522481A Network Trojan was detected192.168.2.750090194.26.29.449000TCP
              2025-03-15T14:17:41.292931+010020522481A Network Trojan was detected192.168.2.750091194.26.29.449000TCP
              2025-03-15T14:17:42.076946+010020522481A Network Trojan was detected192.168.2.750092194.26.29.449000TCP
              2025-03-15T14:17:42.876454+010020522481A Network Trojan was detected192.168.2.750093194.26.29.449000TCP
              2025-03-15T14:17:43.679492+010020522481A Network Trojan was detected192.168.2.750094194.26.29.449000TCP
              2025-03-15T14:17:44.478586+010020522481A Network Trojan was detected192.168.2.750095194.26.29.449000TCP
              2025-03-15T14:17:45.281013+010020522481A Network Trojan was detected192.168.2.750096194.26.29.449000TCP
              2025-03-15T14:17:46.069069+010020522481A Network Trojan was detected192.168.2.750097194.26.29.449000TCP
              2025-03-15T14:17:46.861510+010020522481A Network Trojan was detected192.168.2.750098194.26.29.449000TCP
              2025-03-15T14:17:47.649898+010020522481A Network Trojan was detected192.168.2.750099194.26.29.449000TCP
              2025-03-15T14:17:48.455389+010020522481A Network Trojan was detected192.168.2.750101194.26.29.449000TCP
              2025-03-15T14:17:49.253408+010020522481A Network Trojan was detected192.168.2.750102194.26.29.449000TCP
              2025-03-15T14:17:50.075407+010020522481A Network Trojan was detected192.168.2.750103194.26.29.449000TCP
              2025-03-15T14:17:50.860717+010020522481A Network Trojan was detected192.168.2.750105194.26.29.449000TCP
              2025-03-15T14:17:51.697524+010020522481A Network Trojan was detected192.168.2.750106194.26.29.449000TCP
              2025-03-15T14:17:52.491414+010020522481A Network Trojan was detected192.168.2.750107194.26.29.449000TCP
              2025-03-15T14:17:53.314825+010020522481A Network Trojan was detected192.168.2.750108194.26.29.449000TCP
              2025-03-15T14:17:54.115182+010020522481A Network Trojan was detected192.168.2.750109194.26.29.449000TCP
              2025-03-15T14:17:55.109867+010020522481A Network Trojan was detected192.168.2.750110194.26.29.449000TCP
              2025-03-15T14:17:55.887980+010020522481A Network Trojan was detected192.168.2.750111194.26.29.449000TCP
              2025-03-15T14:17:56.688578+010020522481A Network Trojan was detected192.168.2.750112194.26.29.449000TCP
              2025-03-15T14:17:57.507672+010020522481A Network Trojan was detected192.168.2.750113194.26.29.449000TCP
              2025-03-15T14:17:58.483237+010020522481A Network Trojan was detected192.168.2.750114194.26.29.449000TCP
              2025-03-15T14:17:59.277119+010020522481A Network Trojan was detected192.168.2.750117194.26.29.449000TCP
              2025-03-15T14:18:00.099501+010020522481A Network Trojan was detected192.168.2.750118194.26.29.449000TCP
              2025-03-15T14:18:00.885772+010020522481A Network Trojan was detected192.168.2.750119194.26.29.449000TCP
              2025-03-15T14:18:01.748352+010020522481A Network Trojan was detected192.168.2.750120194.26.29.449000TCP
              2025-03-15T14:18:02.571430+010020522481A Network Trojan was detected192.168.2.750121194.26.29.449000TCP
              2025-03-15T14:18:03.486648+010020522481A Network Trojan was detected192.168.2.750123194.26.29.449000TCP
              2025-03-15T14:18:04.304453+010020522481A Network Trojan was detected192.168.2.750124194.26.29.449000TCP
              2025-03-15T14:18:05.104908+010020522481A Network Trojan was detected192.168.2.750125194.26.29.449000TCP
              2025-03-15T14:18:05.903612+010020522481A Network Trojan was detected192.168.2.750127194.26.29.449000TCP
              2025-03-15T14:18:06.735551+010020522481A Network Trojan was detected192.168.2.750128194.26.29.449000TCP
              2025-03-15T14:18:07.641691+010020522481A Network Trojan was detected192.168.2.750129194.26.29.449000TCP
              2025-03-15T14:18:08.624058+010020522481A Network Trojan was detected192.168.2.750130194.26.29.449000TCP
              2025-03-15T14:18:09.431528+010020522481A Network Trojan was detected192.168.2.750131194.26.29.449000TCP
              2025-03-15T14:18:10.232078+010020522481A Network Trojan was detected192.168.2.750132194.26.29.449000TCP
              2025-03-15T14:18:11.014229+010020522481A Network Trojan was detected192.168.2.750133194.26.29.449000TCP
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2025-03-15T14:16:52.430120+010028033053Unknown Traffic192.168.2.750027194.26.29.449000TCP
              2025-03-15T14:16:53.244051+010028033053Unknown Traffic192.168.2.750028194.26.29.449000TCP
              2025-03-15T14:16:54.039671+010028033053Unknown Traffic192.168.2.750029194.26.29.449000TCP
              2025-03-15T14:16:54.838454+010028033053Unknown Traffic192.168.2.750030194.26.29.449000TCP
              2025-03-15T14:16:55.650407+010028033053Unknown Traffic192.168.2.750031194.26.29.449000TCP
              2025-03-15T14:16:56.442982+010028033053Unknown Traffic192.168.2.750032194.26.29.449000TCP
              2025-03-15T14:16:57.229407+010028033053Unknown Traffic192.168.2.750033194.26.29.449000TCP
              2025-03-15T14:16:58.020519+010028033053Unknown Traffic192.168.2.750034194.26.29.449000TCP
              2025-03-15T14:16:58.871077+010028033053Unknown Traffic192.168.2.750036194.26.29.449000TCP
              2025-03-15T14:16:59.681823+010028033053Unknown Traffic192.168.2.750037194.26.29.449000TCP
              2025-03-15T14:17:00.473545+010028033053Unknown Traffic192.168.2.750038194.26.29.449000TCP
              2025-03-15T14:17:01.271386+010028033053Unknown Traffic192.168.2.750039194.26.29.449000TCP
              2025-03-15T14:17:02.365048+010028033053Unknown Traffic192.168.2.750040194.26.29.449000TCP
              2025-03-15T14:17:03.162998+010028033053Unknown Traffic192.168.2.750041194.26.29.449000TCP
              2025-03-15T14:17:03.961894+010028033053Unknown Traffic192.168.2.750042194.26.29.449000TCP
              2025-03-15T14:17:04.773887+010028033053Unknown Traffic192.168.2.750043194.26.29.449000TCP
              2025-03-15T14:17:05.580391+010028033053Unknown Traffic192.168.2.750044194.26.29.449000TCP
              2025-03-15T14:17:06.382296+010028033053Unknown Traffic192.168.2.750045194.26.29.449000TCP
              2025-03-15T14:17:07.177767+010028033053Unknown Traffic192.168.2.750046194.26.29.449000TCP
              2025-03-15T14:17:07.988056+010028033053Unknown Traffic192.168.2.750047194.26.29.449000TCP
              2025-03-15T14:17:08.786053+010028033053Unknown Traffic192.168.2.750048194.26.29.449000TCP
              2025-03-15T14:17:09.724836+010028033053Unknown Traffic192.168.2.750049194.26.29.449000TCP
              2025-03-15T14:17:10.534605+010028033053Unknown Traffic192.168.2.750050194.26.29.449000TCP
              2025-03-15T14:17:11.436055+010028033053Unknown Traffic192.168.2.750051194.26.29.449000TCP
              2025-03-15T14:17:12.473951+010028033053Unknown Traffic192.168.2.750052194.26.29.449000TCP
              2025-03-15T14:17:13.270232+010028033053Unknown Traffic192.168.2.750054194.26.29.449000TCP
              2025-03-15T14:17:14.085050+010028033053Unknown Traffic192.168.2.750055194.26.29.449000TCP
              2025-03-15T14:17:14.879530+010028033053Unknown Traffic192.168.2.750056194.26.29.449000TCP
              2025-03-15T14:17:15.678062+010028033053Unknown Traffic192.168.2.750057194.26.29.449000TCP
              2025-03-15T14:17:16.472721+010028033053Unknown Traffic192.168.2.750058194.26.29.449000TCP
              2025-03-15T14:17:18.066561+010028033053Unknown Traffic192.168.2.750060194.26.29.449000TCP
              2025-03-15T14:17:18.853205+010028033053Unknown Traffic192.168.2.750061194.26.29.449000TCP
              2025-03-15T14:17:20.455642+010028033053Unknown Traffic192.168.2.750063194.26.29.449000TCP
              2025-03-15T14:17:23.742278+010028033053Unknown Traffic192.168.2.750068194.26.29.449000TCP
              2025-03-15T14:17:24.534042+010028033053Unknown Traffic192.168.2.750069194.26.29.449000TCP
              2025-03-15T14:17:25.323082+010028033053Unknown Traffic192.168.2.750070194.26.29.449000TCP
              2025-03-15T14:17:26.105474+010028033053Unknown Traffic192.168.2.750071194.26.29.449000TCP
              2025-03-15T14:17:26.909248+010028033053Unknown Traffic192.168.2.750072194.26.29.449000TCP
              2025-03-15T14:17:30.133518+010028033053Unknown Traffic192.168.2.750076194.26.29.449000TCP
              2025-03-15T14:17:31.741957+010028033053Unknown Traffic192.168.2.750079194.26.29.449000TCP
              2025-03-15T14:17:41.292931+010028033053Unknown Traffic192.168.2.750091194.26.29.449000TCP
              2025-03-15T14:17:42.876454+010028033053Unknown Traffic192.168.2.750093194.26.29.449000TCP
              2025-03-15T14:17:44.478586+010028033053Unknown Traffic192.168.2.750095194.26.29.449000TCP
              2025-03-15T14:17:45.281013+010028033053Unknown Traffic192.168.2.750096194.26.29.449000TCP
              2025-03-15T14:17:46.069069+010028033053Unknown Traffic192.168.2.750097194.26.29.449000TCP
              2025-03-15T14:17:46.861510+010028033053Unknown Traffic192.168.2.750098194.26.29.449000TCP
              2025-03-15T14:17:47.649898+010028033053Unknown Traffic192.168.2.750099194.26.29.449000TCP
              2025-03-15T14:17:49.253408+010028033053Unknown Traffic192.168.2.750102194.26.29.449000TCP
              2025-03-15T14:17:50.075407+010028033053Unknown Traffic192.168.2.750103194.26.29.449000TCP
              2025-03-15T14:17:50.860717+010028033053Unknown Traffic192.168.2.750105194.26.29.449000TCP
              2025-03-15T14:17:51.697524+010028033053Unknown Traffic192.168.2.750106194.26.29.449000TCP
              2025-03-15T14:17:54.115182+010028033053Unknown Traffic192.168.2.750109194.26.29.449000TCP
              2025-03-15T14:17:57.507672+010028033053Unknown Traffic192.168.2.750113194.26.29.449000TCP
              2025-03-15T14:18:00.099501+010028033053Unknown Traffic192.168.2.750118194.26.29.449000TCP
              2025-03-15T14:18:01.748352+010028033053Unknown Traffic192.168.2.750120194.26.29.449000TCP
              2025-03-15T14:18:04.304453+010028033053Unknown Traffic192.168.2.750124194.26.29.449000TCP
              2025-03-15T14:18:07.641691+010028033053Unknown Traffic192.168.2.750129194.26.29.449000TCP
              2025-03-15T14:18:08.624058+010028033053Unknown Traffic192.168.2.750130194.26.29.449000TCP
              2025-03-15T14:18:09.431528+010028033053Unknown Traffic192.168.2.750131194.26.29.449000TCP


              AV Detection

              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 94.9% probability
              Source: Blue-Cloner-Signed.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: Blue-Cloner-Signed.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: vbc.pdb source: is-0DKEL.tmp.3.dr
              Source: Binary string: D:\dbs\sh\ddvsm\1002_165500_0\cmd\a\out\binaries\amd64ret\bin\amd64\vspkgs\Opt\x05xyg5w.zg2\Output\CompSvcsPkg.pdb source: is-S2L72.tmp.3.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.AspNetCore.Http/Release/net7.0/Microsoft.AspNetCore.Http.pdb source: Microsoft.AspNetCore.Http.dll.4.dr
              Source: Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net45\Microsoft.VisualStudio.Setup.Download.pdb" source: Microsoft.VisualStudio.Setup.Download.dll.4.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.DotNet.DesignTools.Protocol/Release/netcoreapp3.1/Microsoft.DotNet.DesignTools.Protocol.pdb source: is-PGLBN.tmp.3.dr
              Source: Binary string: WindowsBase.pdb source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.Build.Tasks.CodeAnalysis/Release/net6.0/Microsoft.Build.Tasks.CodeAnalysis.pdb source: is-0DKEL.tmp.3.dr
              Source: Binary string: Microsoft.VisualStudio.TestPlatform.ObjectModel.ni.pdb source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
              Source: Binary string: WindowsBase.pdbBSJB source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr
              Source: Binary string: UIAutomationClientSideProviders.ni.pdb source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
              Source: Binary string: methodName.pdb!RunConfiguration5.NETFramework,Version=v3.55.NETFramework,Version=v4.05.NETFramework,Version=v4.5#UAP,Version=v10.0!ResultsDirectory source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
              Source: Binary string: Microsoft.VisualStudio.TestPlatform.ObjectModel.pdb source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
              Source: Binary string: type: yPortableSymbolReader: Failed to load symbols for binary: {0}GCannot find portable .PDB file for source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.AspNetCore.Http/Release/net7.0/Microsoft.AspNetCore.Http.pdbSHA256$ source: Microsoft.AspNetCore.Http.dll.4.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.DotNet.DesignTools.Protocol/Release/netcoreapp3.1/Microsoft.DotNet.DesignTools.Protocol.pdbSHA2564X source: is-PGLBN.tmp.3.dr
              Source: Binary string: Microsoft.Build.Tasks.CodeAnalysis.ni.pdb source: is-0DKEL.tmp.3.dr
              Source: Binary string: Microsoft.AspNetCore.Http.ni.pdb source: Microsoft.AspNetCore.Http.dll.4.dr
              Source: Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net7.0/UIAutomationClientSideProviders.pdbRSDS source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
              Source: Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net7.0/UIAutomationClientSideProviders.pdb source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
              Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr
              Source: Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net45\Microsoft.VisualStudio.Setup.Download.pdb source: Microsoft.VisualStudio.Setup.Download.dll.4.dr

              Networking

              Source: Network traffic, Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49694 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49684 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49692 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49714 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49716 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49713 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49683 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49723 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49718 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49697 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49725 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49710 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49687 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49688 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49703 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49720 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49701 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49736 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49708 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49705 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49737 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49728 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49722 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49690 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49709 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49704 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49686 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49742 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49726 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49732 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49717 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49734 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49700 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49721 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49744 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49745 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49750 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49712 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49753 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49752 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49751 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49748 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49758 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49755 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49743 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49759 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49731 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49760 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49763 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49756 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49739 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49764 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49761 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49706 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49767 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49747 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49769 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49774 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49773 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49776 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49777 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49770 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49778 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49779 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49781 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49768 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49772 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49782 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49786 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49788 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49789 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49792 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49793 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49790 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49794 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49796 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49784 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49785 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49798 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49800 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49801 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49803 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49797 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49806 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49808 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49805 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49810 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49815 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49830 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49831 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49834 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49842 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49838 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49841 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49849 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49844 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49855 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.7:49865 -> 194.26.29.44:9000
              Source: global traffic TCP traffic: 194.26.29.44 ports 9000,1,4,5,7,8,15847
              Source: unknown Network traffic detected: HTTP traffic on port 49683 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50018
              Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50019
              Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50020
              Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50021
              Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50022
              Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50023
              Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50024
              Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50025
              Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50026
              Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50027
              Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50028
              Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50029
              Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50030
              Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50031
              Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50032
              Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50033
              Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50034
              Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50036
              Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50037
              Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50038
              Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50039
              Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50040
              Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50041
              Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50042
              Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50043
              Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50044
              Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50045
              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50046
              Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50047
              Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50048
              Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50049
              Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50050
              Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50051
              Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50052
              Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50054
              Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50055
              Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50056
              Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50057
              Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50058
              Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50059
              Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50060
              Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50061
              Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50062
              Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50063
              Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50064
              Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50065
              Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50066
              Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50068
              Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50069
              Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50070
              Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50071
              Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50072
              Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50073
              Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50074
              Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50075
              Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50076
              Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50078
              Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50079
              Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50080
              Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50081
              Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50082
              Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50083
              Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50084
              Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50085
              Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50086
              Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50087
              Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50088
              Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50089
              Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 9000
              Source: global traffic TCP traffic: 192.168.2.7:49682 -> 194.26.29.44:15847
              Source: global traffic HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1 Host: 194.26.29.44:9000 Connection: Keep-Alive
              Source: global traffic HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1 Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global traffic HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1 Host: 194.26.29.44:9000 Connection: Keep-Alive
              Source: Joe Sandbox View IP Address: 2.22.242.105 2.22.242.105
              Source: Joe Sandbox View IP Address: 2.22.242.11 2.22.242.11
              Source: Joe Sandbox View IP Address: 13.74.129.1 13.74.129.1
              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49694 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49692 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49714 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49716 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49713 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49723 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49718 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49697 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49725 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49710 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49703 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49687 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49688 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49720 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49701 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49736 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49708 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49728 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49704 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49709 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49705 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49690 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49722 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49737 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49726 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49742 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49734 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49744 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49732 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49717 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49700 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49721 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49745 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49750 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49712 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49753 -> 194.26.29.44:9000
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49748 -> 194.26.29.44:9000
              Source: unknown, TCP traffic detected without corresponding DNS query: 23.199.215.203
              Source: unknown, TCP traffic detected without corresponding DNS query: 2.18.98.62
              Source: unknown, TCP traffic detected without corresponding DNS query: 194.26.29.44
              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
              Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.cb278af4d754dd8a1a58.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=E315E8C40A034817B4168803AB59B784.RefC=2025-03-15T13:16:24Z; USRLOC=; MUID=31C987FAE151690E01DA924AE0F968D8; MUIDB=31C987FAE151690E01DA924AE0F968D8; _EDGE_S=F=1&SID=2CEE59486DB465403C244CF86C6564B3; _EDGE_V=1
              Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=E315E8C40A034817B4168803AB59B784.RefC=2025-03-15T13:16:24Z; USRLOC=; MUID=31C987FAE151690E01DA924AE0F968D8; MUIDB=31C987FAE151690E01DA924AE0F968D8; _EDGE_S=F=1&SID=2CEE59486DB465403C244CF86C6564B3; _EDGE_V=1
              Source: global traffic - HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1; Host: 194.26.29.44:9000; Connection: Keep-Alive
              Source: global traffic - HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1; Host: 194.26.29.44:9000
              Source: global traffic - HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1; Cache-Control: max-age = 3000; Connection: Keep-Alive; Accept: */*; If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT; User-Agent: Microsoft-CryptoAPI/10.0; Host: c.pki.goog
              Source: global traffic - HTTP traffic detected: GET /r/r4.crl HTTP/1.1; Cache-Control: max-age = 3000; Connection: Keep-Alive; Accept: */*; If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT; User-Agent: Microsoft-CryptoAPI/10.0; Host: c.pki.goog
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global trafficHTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1Host: 194.26.29.44:9000
              Source: global traffic HTTP traffic detected: GET /wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE HTTP/1.1 Host: 194.26.29.44:9000 Connection: Keep-Alive
              Source: global traffic DNS traffic detected: DNS query: www.google.com
              Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
              Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
              Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
              Source: global traffic DNS traffic detected: DNS query: c.msn.com
              Source: global traffic DNS traffic detected: DNS query: assets.msn.com
              Source: global traffic DNS traffic detected: DNS query: api.msn.com
              Source: Microsoft.VisualStudio.Setup.Download.dll.4.drString found in binary or memory: http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://micros
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
              Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://cscasha2.ocsp-certum.com04
              Source: is-S2L72.tmp.3.drString found in binary or memory: http://localhostrootServerBindingsSecureBindingshttps://localhost443:http://localhostprimaryfusion.d
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0C
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0O
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://ocsp.sectigo.com0
              Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.drString found in binary or memory: http://ocsp.thawte.com0
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://s2.symcb.com0
              Source: is-S2L72.tmp.3.drString found in binary or memory: http://schemas.xmlsoap.org/disco/http://schemas.xmlsoap.org/wsdl/XMLDocument
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
              Source: is-82LNC.tmp.3.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://subca.ocsp-certum.com01
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://sv.symcb.com/sv.crt0
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://sv.symcd.com0&
              Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
              Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
              Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
              Source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.drString found in binary or memory: http://uri.etsi.org/01903/v1.2.2#SignedProperties
              Source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.drString found in binary or memory: http://uri.etsi.org/01903/v1.2.2#bhttp://uri.etsi.org/01903/v1.2.2#SignedProperties
              Source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.drString found in binary or memory: http://uri.etsi.org/01903/v1.2.2#yHKEY_LOCAL_MACHINE
              Source: AutoIt3.exe, 00000004.00000000.882877850.00000000002D5000.00000002.00000001.01000000.0000000E.sdmp, AutoIt3.exe, 00000008.00000000.1016207917.0000000000E25000.00000002.00000001.01000000.00000014.sdmp, AutoIt3.exe, 0000000A.00000000.1098628197.0000000000E25000.00000002.00000001.01000000.00000014.sdmp, is-82LNC.tmp.3.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: http://www.certum.pl/CPS0
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://www.digicert.com/CPS0
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://www.symauth.com/cps0(
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://www.symauth.com/rpa00
              Source: is-9Q7I2.tmp.3.dr, is-7V644.tmp.3.drString found in binary or memory: http://www.vmware.com/0
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: http://www.winzip.com/authenticode.htm0
              Source: chrome.exe, 00000006.00000003.976877692.00006CA0000DC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.981705495.00000180330C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: https://d.symcb.com/cps0%
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: https://d.symcb.com/rpa0
              Source: Microsoft.AspNetCore.Http.dll.4.drString found in binary or memory: https://github.com/dotnet/aspnetcore
              Source: Microsoft.AspNetCore.Http.dll.4.drString found in binary or memory: https://github.com/dotnet/aspnetcore/tree/57512b49997283599b00a6b67d0ccebaec171daf
              Source: is-0DKEL.tmp.3.drString found in binary or memory: https://github.com/dotnet/roslyn
              Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.drString found in binary or memory: https://github.com/dotnet/wpf
              Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.drString found in binary or memory: https://github.com/dotnet/wpf4
              Source: is-PGLBN.tmp.3.drString found in binary or memory: https://github.com/microsoft/winforms-designer
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: https://jrsoftware.org/
              Source: Blue-Cloner-Signed.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: https://jrsoftware.org0
              Source: Microsoft.VisualStudio.Setup.Download.dll.4.drString found in binary or memory: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47
              Source: Microsoft.VisualStudio.Setup.Download.dll.4.drString found in binary or memory: https://login.microsoftonline.comH72f988bf-86f1-41af-91ab-2d7cd011db47
              Source: jsc.exe, 00000009.00000002.1086363398.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/WQwfZTNB
              Source: jsc.exe, 00000009.00000002.1086363398.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/WQwfZTNBPO
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: https://sectigo.com/CPS0D
              Source: is-82LNC.tmp.3.drString found in binary or memory: https://www.autoitscript.com/autoit3/
              Source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000003.00000003.884108964.0000000002453000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.drString found in binary or memory: https://www.certum.pl/CPS0
              Source: is-LMMQQ.tmp.3.drString found in binary or memory: https://www.digicert.com/CPS0
              Source: is-82LNC.tmp.3.drString found in binary or memory: https://www.globalsign.com/repository/0
              Source: is-82LNC.tmp.3.drString found in binary or memory: https://www.globalsign.com/repository/06
              Source: Blue-Cloner-Signed.exe, 00000000.00000003.853955200.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000001.00000000.855177402.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
              Source: Blue-Cloner-Signed.exe, 00000000.00000003.853955200.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, Blue-Cloner-Signed.tmp, 00000001.00000000.855177402.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps

              System Summary

              Source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPEMatched rule: Detects Arechclient2 RAT Author: ditekSHen
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped file: MD5: 9a7234078559093e06c9d32148ed95a3 Family: TRITON Alias: TEMP.Veles, TRISIS, XENOTIME, HATMAN, TRITON Description: TRITON, named by FireEye, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. It is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It could prevent safety mechanisms from executing their intended function, resulting in a physical consequence. When the attacker gained remote access to an SIS engineering workstation, the TRITON attack framework was deployed to reprogram the SIS controllers, to modify application memory on SIS controllers that could lead to a failed validation check. References: https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://dragos.com/adversaries.html https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped file: MD5: 9a7234078559093e06c9d32148ed95a3 Family: TRITON Alias: TEMP.Veles, TRISIS, XENOTIME, HATMAN, TRITON Description: TRITON, named by FireEye, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. It is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It could prevent safety mechanisms from executing their intended function, resulting in a physical consequence. When the attacker gained remote access to an SIS engineering workstation, the TRITON attack framework was deployed to reprogram the SIS controllers, to modify application memory on SIS controllers that could lead to a failed validation check. References: https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://dragos.com/adversaries.html https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess Stats: CPU usage > 49%
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE1050
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE1940
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE7598
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE59AB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE1931
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE45F8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE4608
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE1724
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeCode function: 9_2_00AE59C8
              Source: Joe Sandbox ViewDropped File: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe 1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48
              Source: Blue-Cloner-Signed.exeStatic PE information: invalid certificate
              Source: Blue-Cloner-Signed.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: Blue-Cloner-Signed.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: is-O9589.tmp.3.drStatic PE information: No import functions for PE file found
              Source: is-0DKEL.tmp.3.drStatic PE information: No import functions for PE file found
              Source: is-N4QCG.tmp.3.drStatic PE information: No import functions for PE file found
              Source: is-QNESL.tmp.3.drStatic PE information: No import functions for PE file found
              Source: Blue-Cloner-Signed.exe, 00000000.00000000.853055354.00000000004F8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
              Source: Blue-Cloner-Signed.exe, 00000000.00000003.861624486.00000000021CA000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
              Source: Blue-Cloner-Signed.exe, 00000000.00000003.861624486.0000000002288000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Blue-Cloner-Signed.exe
              Source: Blue-Cloner-Signed.exe, 00000000.00000003.853955200.000000007FE33000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
              Source: Blue-Cloner-Signed.exe, 00000002.00000003.886976077.0000000002268000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Blue-Cloner-Signed.exe
              Source: Blue-Cloner-Signed.exe, 00000002.00000003.886976077.00000000021AA000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
              Source: Blue-Cloner-Signed.exeBinary or memory string: OriginalFileName vs Blue-Cloner-Signed.exe
              Source: Blue-Cloner-Signed.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
              Source: is-0DKEL.tmp.3.dr, NamedPipeUtil.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: is-0DKEL.tmp.3.dr, NamedPipeUtil.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: is-0DKEL.tmp.3.dr, BuildServerConnection.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: is-0DKEL.tmp.3.dr, BuildServerConnection.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@70/224@18/13
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Local\Programs
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMutant created: NULL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMutant created: \Sessions\1\BaseNamedObjects\80a528d848384796864d9d408fd78d4c
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exeFile created: C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpFile read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
              Source: Blue-Cloner-Signed.exeString found in binary or memory: /LOADINF="filename"
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exeFile read: C:\Users\user\Desktop\Blue-Cloner-Signed.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\Blue-Cloner-Signed.exe "C:\Users\user\Desktop\Blue-Cloner-Signed.exe"
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exeProcess created: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp "C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp" /SL5="$203E4,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpProcess created: C:\Users\user\Desktop\Blue-Cloner-Signed.exe "C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exeProcess created: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp "C:\Users\user~1\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp" /SL5="$203F2,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpProcess created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe "C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe" lionheartedly.a3x
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default"
              Source: unknownProcess created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x"
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
              Source: unknownProcess created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x"
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9897 --profile-directory="Default"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2188,i,17180470386210367676,4269936662652460596,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2192 /prefetch:3
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory="Default"
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2080,i,12350679301300759523,9547740877792458895,262144 /prefetch:3
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2076,i,17998252986563725011,528699901736445202,262144 /prefetch:3
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory="Default"
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2336,i,5047216504094889522,3815978345748103374,262144 /prefetch:3
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2512,i,1085491752832484117,15979880841371217689,262144 /prefetch:3
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2080,i,12350679301300759523,9547740877792458895,262144 /prefetch:3
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2076,i,17998252986563725011,528699901736445202,262144 /prefetch:3
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2336,i,5047216504094889522,3815978345748103374,262144 /prefetch:3
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2512,i,1085491752832484117,15979880841371217689,262144 /prefetch:3
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: version.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: netapi32.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: netutils.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: mpr.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: version.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: netapi32.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: winhttp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: wtsapi32.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: winsta.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: textinputframework.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: coreuicomponents.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: coremessaging.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: ntmarta.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: shfolder.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: rstrtmgr.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: ncrypt.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: ntasn1.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: propsys.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: edputil.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: urlmon.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: iertutil.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: srvcli.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: windows.staterepositoryps.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: appresolver.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: bcp47langs.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: slc.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: sppc.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: onecorecommonproxystub.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Section loaded: onecoreuapcommonproxystub.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: version.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: netapi32.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: netutils.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: mpr.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: version.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: netapi32.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: winhttp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: wtsapi32.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: winsta.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: textinputframework.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: coreuicomponents.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: coremessaging.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: ntmarta.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: coremessaging.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: shfolder.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: rstrtmgr.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: ncrypt.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: ntasn1.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: textshaping.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: sfc.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: sfc_os.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: explorerframe.dll
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: wsock32.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: winmm.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: mpr.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: wininet.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: iphlpapi.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: userenv.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: ntmarta.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Section loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: mscoree.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: uxtheme.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: windows.storage.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: wldp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: profapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: cryptsp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: rsaenh.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: mswsock.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: userenv.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: secur32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: sspicli.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: wbemcomn.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: amsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: iphlpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: dnsapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: dhcpcsvc6.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: dhcpcsvc.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: winnsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: rasapi32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: rasman.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: rtutils.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: winhttp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: windowscodecs.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: rasadhlp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: fwpuclnt.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: websocket.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: ntmarta.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: wsock32.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: version.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: winmm.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: mpr.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: wininet.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: iphlpapi.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: userenv.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: uxtheme.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: kernel.appcore.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: cryptsp.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: rsaenh.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: mscoree.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: uxtheme.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: wsock32.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: version.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: winmm.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: mpr.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: wininet.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: iphlpapi.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: userenv.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: uxtheme.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: kernel.appcore.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: cryptsp.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: rsaenh.dll
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Section loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: mscoree.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Window found: window name: TMainForm
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: Blue-Cloner-Signed.exe Static file information: File size 19400458 > 1048576
              Source: Blue-Cloner-Signed.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: vbc.pdb source: is-0DKEL.tmp.3.dr
              Source: Binary string: D:\dbs\sh\ddvsm\1002_165500_0\cmd\a\out\binaries\amd64ret\bin\amd64\vspkgs\Opt\x05xyg5w.zg2\Output\CompSvcsPkg.pdb source: is-S2L72.tmp.3.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.AspNetCore.Http/Release/net7.0/Microsoft.AspNetCore.Http.pdb source: Microsoft.AspNetCore.Http.dll.4.dr
              Source: Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net45\Microsoft.VisualStudio.Setup.Download.pdb" source: Microsoft.VisualStudio.Setup.Download.dll.4.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.DotNet.DesignTools.Protocol/Release/netcoreapp3.1/Microsoft.DotNet.DesignTools.Protocol.pdb source: is-PGLBN.tmp.3.dr
              Source: Binary string: WindowsBase.pdb source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.Build.Tasks.CodeAnalysis/Release/net6.0/Microsoft.Build.Tasks.CodeAnalysis.pdb source: is-0DKEL.tmp.3.dr
              Source: Binary string: Microsoft.VisualStudio.TestPlatform.ObjectModel.ni.pdb source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
              Source: Binary string: WindowsBase.pdbBSJB source: WindowsBase.dll.4.dr, is-REOGC.tmp.3.dr
              Source: Binary string: UIAutomationClientSideProviders.ni.pdb source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
              Source: Binary string: methodName.pdb!RunConfiguration5.NETFramework,Version=v3.55.NETFramework,Version=v4.05.NETFramework,Version=v4.5#UAP,Version=v10.0!ResultsDirectory source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
              Source: Binary string: Microsoft.VisualStudio.TestPlatform.ObjectModel.pdb source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
              Source: Binary string: type: yPortableSymbolReader: Failed to load symbols for binary: {0}GCannot find portable .PDB file for source: Microsoft.VisualStudio.TestPlatform.ObjectModel.dll.4.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.AspNetCore.Http/Release/net7.0/Microsoft.AspNetCore.Http.pdbSHA256$ source: Microsoft.AspNetCore.Http.dll.4.dr
              Source: Binary string: /_/artifacts/obj/Microsoft.DotNet.DesignTools.Protocol/Release/netcoreapp3.1/Microsoft.DotNet.DesignTools.Protocol.pdbSHA2564X source: is-PGLBN.tmp.3.dr
              Source: Binary string: Microsoft.Build.Tasks.CodeAnalysis.ni.pdb source: is-0DKEL.tmp.3.dr
              Source: Binary string: Microsoft.AspNetCore.Http.ni.pdb source: Microsoft.AspNetCore.Http.dll.4.dr
              Source: Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net7.0/UIAutomationClientSideProviders.pdbRSDS source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
              Source: Binary string: /_/artifacts/obj/UIAutomationClientSideProviders/x64/Release/net7.0/UIAutomationClientSideProviders.pdb source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.dr
              Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: Blue-Cloner-Signed.tmp, 00000001.00000003.859820828.00000000022E3000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr, _isdecmp.dll.3.dr
              Source: Binary string: D:\a\_work\1\s\src\Setup.Download\obj\Release\net45\Microsoft.VisualStudio.Setup.Download.pdb source: Microsoft.VisualStudio.Setup.Download.dll.4.dr
              Source: is-N4QCG.tmp.3.dr Static PE information: 0xEED4070D [Thu Dec 20 20:14:05 2096 UTC]
              Source: Blue-Cloner-Signed.exe Static PE information: section name: .didata
              Source: Blue-Cloner-Signed.tmp.0.dr Static PE information: section name: .didata
              Source: Blue-Cloner-Signed.tmp.2.dr Static PE information: section name: .didata
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Code function: 9_2_00AE41AB pushfd ; ret 9_2_00AE41E6
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-Q86LU.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-V2HAC.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\Atlassian.Bitbucket.UI.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-0DKEL.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.AspNetCore.Http.dllJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Services.CodeReview.WebApi.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-9Q7I2.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Setup.Download.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-67O6P.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kvno.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\EppManifest.dllJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.DotNet.DesignTools.Protocol.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\ahost.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\gettext.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MSB1FREN.DLLJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MXF_SDK_XMLBuilder_1.3.39_vs10.dllJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\perf_intervals.dllJump to dropped file
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exeFile created: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-S2L72.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-MV4I3.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.TestPlatform.ObjectModel.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\perf_intervals.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.ExtendedReflection.Reasoning.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\jp2ssv.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\boost_python-vc90-mt-gd-1_47.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kdestroy.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.AspNetCore.Http.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-G5EHS.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-FATKD.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-J998I.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-upload-pack.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-F4AFB.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-QM56C.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CompSvcsPkg.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.DotNet.DesignTools.Protocol.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\UIAutomationClientSideProviders.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-L9AJM.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_iscrypt.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\scalar.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WRLiloPlugin.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-GOG00.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\jp2ssv.dllJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.ExtendedReflection.Reasoning.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CompSvcsPkg.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\gnsdk_musicid.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-5CO57.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7V644.tmpJump to dropped file
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exeFile created: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7P6L7.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\7zxa64.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7RJUF.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AdobeXMPFiles.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MXF_SDK_XMLBuilder_1.3.39_vs10.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\gnsdk_musicid.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-9I5HK.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-QNESL.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_iscrypt.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-I90HQ.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SEJ7F.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Services.CodeReview.WebApi.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-PGLBN.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-REOGC.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WindowsBase.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.Build.Tasks.CodeAnalysis.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\boost_python-vc90-mt-gd-1_47.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WzWXFln64.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kpasswd.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-LMMQQ.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WindowsBase.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\7zxa64.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\p11-kit.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\UIAutomationClientSideProviders.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MSB1FREN.DLL (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1ETL8.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\WhoUses.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CryptoPP530Fips32.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-askpass.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.Build.Tasks.CodeAnalysis.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CryptoPP530Fips32.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Setup.Download.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-AM20K.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\EppManifest.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F1F38.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7PBMM.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-O9589.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kinit.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-M1I32.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WzWXFln64.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1Q7FG.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AdobeXMPFiles.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\psl.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WRLiloPlugin.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\bzip2.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-N4QCG.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-82LNC.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F170C.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeFile created: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kcpytkt.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-GFSB8.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\x86_64-w64-mingw32-agrep.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-K5Q6M.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\lzmadec.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-BS67M.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-2T9KN.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SRMF3.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpFile created: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-16T1P.tmpJump to dropped file

              Boot Survival

              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce lionheartedly

              Hooking and other Techniques for Hiding and Protection

              Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 49686 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49686
              Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49687
              Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49688
              Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49690
              Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49692
              Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49694
              Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49697
              Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49700
              Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49701
              Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49703
              Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49704
              Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49705
              Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49706
              Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49708
              Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49709
              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49710
              Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49712
              Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49713
              Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49714
              Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49716
              Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49717
              Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49718
              Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49720
              Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49721
              Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49722
              Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49723
              Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49725
              Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49726
              Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49728
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49732
              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49734
              Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49736
              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49737
              Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49739
              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49742
              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49743
              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49745
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49747
              Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49748
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49750
              Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49751
              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49752
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49753
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49755
              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49756
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49758
              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49759
              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49760
              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49761
              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49763
              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49764
              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49767
              Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49768
              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49769
              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49770
              Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49772
              Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49773
              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49774
              Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49776
              Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49777
              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49778
              Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49779
              Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49781
              Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49782
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49782
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49782
              Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49784
              Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49785
              Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49786
              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49788
              Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49789
              Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49790
              Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49792
              Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49793
              Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49794
              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49796
              Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49797
              Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49798
              Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49800
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49800
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49800
              Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49801
              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49803
              Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49805
              Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49806
              Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49810
              Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49830
              Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49831
              Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49834
              Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49841
              Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49842
              Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49849
              Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49855
              Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49862
              Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49865
              Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49866
              Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49868
              Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49869
              Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49874
              Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49876
              Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49879
              Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49882
              Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49883
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49883
              Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49887
              Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49888
              Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49889
              Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49891
              Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49892
              Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49893
              Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49895
              Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49896
              Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49897
              Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49898
              Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49900
              Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49901
              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49902
              Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49904
              Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49905
              Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49906
              Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49907
              Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49909
              Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49910
              Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49912
              Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49913
              Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49914
              Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49916
              Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49918
              Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49919
              Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49920
              Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49923
              Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49924
              Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49925
              Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49926
              Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49928
              Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49929
              Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49931
              Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49932
              Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49933
              Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49935
              Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49937
              Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49938
              Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49941
              Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49942
              Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49944
              Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49945
              Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49947
              Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49948
              Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49950
              Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49951
              Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49953
              Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49956
              Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49957
              Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49961
              Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49970
              Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49975
              Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49991
              Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49992
              Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49993
              Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49994
              Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49996
              Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49997
              Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49998
              Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 49999
              Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50000
              Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50001
              Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50002
              Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50003
              Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50006
              Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50007
              Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50009
              Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50010
              Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50012
              Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50013
              Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50014
              Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50015
              Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50016
              Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50017
              Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50018
              Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50019
              Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50020
              Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50021
              Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50022
              Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50023
              Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50024
              Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50025
              Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50026
              Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50027
              Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50028
              Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50029
              Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50030
              Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50031
              Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50032
              Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50033
              Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50034
              Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50036
              Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50037
              Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50038
              Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 9000
              Source: unknownNetwork traffic detected: HTTP traffic on port 9000 -> 50039
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\Blue-Cloner-Signed.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: 3190000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: 3370000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: 5370000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: AC0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: 26F0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: 46F0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: 10F0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: 2A30000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Memory allocated: 4A30000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Thread delayed: delay time: 600000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Window / User API: threadDelayed 4497
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Window / User API: threadDelayed 4986
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-Q86LU.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-V2HAC.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\Atlassian.Bitbucket.UI.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-0DKEL.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.AspNetCore.Http.dllJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Services.CodeReview.WebApi.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-9Q7I2.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Setup.Download.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\EppManifest.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kvno.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-67O6P.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.DotNet.DesignTools.Protocol.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\ahost.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\gettext.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MSB1FREN.DLLJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MXF_SDK_XMLBuilder_1.3.39_vs10.dllJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\perf_intervals.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-S2L72.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-MV4I3.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.TestPlatform.ObjectModel.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\perf_intervals.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.ExtendedReflection.Reasoning.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\jp2ssv.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\boost_python-vc90-mt-gd-1_47.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kdestroy.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.AspNetCore.Http.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-G5EHS.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-FATKD.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-J998I.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-upload-pack.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-F4AFB.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-QM56C.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CompSvcsPkg.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.DotNet.DesignTools.Protocol.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\UIAutomationClientSideProviders.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-L9AJM.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\scalar.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_iscrypt.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WRLiloPlugin.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-GOG00.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\jp2ssv.dllJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.ExtendedReflection.Reasoning.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CompSvcsPkg.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\gnsdk_musicid.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7V644.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-5CO57.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7P6L7.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\7zxa64.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7RJUF.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AdobeXMPFiles.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MXF_SDK_XMLBuilder_1.3.39_vs10.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\gnsdk_musicid.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-9I5HK.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-QNESL.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_iscrypt.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-I90HQ.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SEJ7F.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Services.CodeReview.WebApi.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-PGLBN.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-REOGC.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WindowsBase.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.Build.Tasks.CodeAnalysis.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\boost_python-vc90-mt-gd-1_47.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WzWXFln64.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kpasswd.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-LMMQQ.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WindowsBase.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\7zxa64.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\p11-kit.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\UIAutomationClientSideProviders.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MSB1FREN.DLL (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1ETL8.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\WhoUses.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CryptoPP530Fips32.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-askpass.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.Build.Tasks.CodeAnalysis.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CryptoPP530Fips32.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Setup.Download.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-AM20K.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\EppManifest.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F1F38.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7PBMM.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-O9589.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kinit.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WzWXFln64.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-M1I32.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1Q7FG.tmpJump to dropped file
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeDropped PE file which has not been started: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AdobeXMPFiles.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\psl.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WRLiloPlugin.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\bzip2.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-N4QCG.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F170C.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kcpytkt.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-GFSB8.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\x86_64-w64-mingw32-agrep.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-K5Q6M.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\lzmadec.exe (copy)Jump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-BS67M.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-2T9KN.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SRMF3.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpDropped PE file which has not been started: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-16T1P.tmpJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeRegistry key enumerated: More than 200 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076Thread sleep time: -31359464925306218s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076Thread sleep time: -300000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -48280s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076Thread sleep time: -59866s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -55596s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076Thread sleep time: -59609s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076Thread sleep time: -59442s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076Thread sleep time: -59327s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076Thread sleep time: -59156s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -53947s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7076Thread sleep time: -58991s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -48791s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -45653s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -52239s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -48304s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -32800s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -44829s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -46889s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -58347s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -53297s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -38024s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -58290s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -48609s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -59549s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -43297s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -54268s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 5484Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 5428Thread sleep time: -540000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -53742s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -33071s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 5464Thread sleep time: -1800000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -53594s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -48933s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -41175s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -53646s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -59408s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -30927s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -35036s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -42355s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -58364s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -50767s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 7024Thread sleep time: -57181s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6552Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6700Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 60000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 48280Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 59866Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 55596Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 59609Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 59442Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 59327Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 59156Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 53947Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 58991Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 48791Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 45653Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 52239Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 48304Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 32800Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 44829Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 46889Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 58347Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 53297Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 38024Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 58290Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 48609Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 59549Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 43297Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 54268Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 30000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 60000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 53742Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 33071Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 53594Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 48933Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 41175Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 53646Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 59408Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 30927Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 35036Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 42355Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 58364Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 50767Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeThread delayed: delay time: 57181Jump to behavior
              Source: Web Data.25.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
              Source: Web Data.25.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
              Source: is-7V644.tmp.3.drBinary or memory string: http://www.vmware.com/0
              Source: Web Data.25.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
              Source: Web Data.25.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
              Source: Web Data.25.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
              Source: Web Data.25.drBinary or memory string: outlook.office.comVMware20,11696492231s
              Source: Web Data.25.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
              Source: Web Data.25.drBinary or memory string: AMC password management pageVMware20,11696492231
              Source: Web Data.25.drBinary or memory string: interactivebrokers.comVMware20,11696492231
              Source: Web Data.25.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
              Source: is-7V644.tmp.3.drBinary or memory string: VMware, Inc.0
              Source: Web Data.25.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
              Source: Web Data.25.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
              Source: Web Data.25.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
              Source: Web Data.25.drBinary or memory string: outlook.office365.comVMware20,11696492231t
              Source: Web Data.25.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
              Source: Web Data.25.drBinary or memory string: discord.comVMware20,11696492231f
              Source: is-7V644.tmp.3.drBinary or memory string: VMware, Inc.1>0<
              Source: Web Data.25.drBinary or memory string: global block list test formVMware20,11696492231
              Source: Blue-Cloner-Signed.tmp, 00000001.00000002.861052831.00000000008CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: Web Data.25.drBinary or memory string: dev.azure.comVMware20,11696492231j
              Source: Web Data.25.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
              Source: Web Data.25.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
              Source: Web Data.25.drBinary or memory string: bankofamerica.comVMware20,11696492231x
              Source: Web Data.25.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
              Source: Web Data.25.drBinary or memory string: tasks.office.comVMware20,11696492231o
              Source: Web Data.25.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
              Source: Web Data.25.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
              Source: chrome.exe, 00000006.00000002.981915577.0000018035EB0000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: xVMcI
              Source: Web Data.25.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
              Source: Web Data.25.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
              Source: Web Data.25.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
              Source: Web Data.25.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
              Source: Web Data.25.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
              Source: Web Data.25.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
              Source: C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmpProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 1360000 protect: page execute and read and writeJump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 730000 protect: page execute and read and writeJump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: B00000 protect: page execute and read and write
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 1360000 value starts with: 4D5AJump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 730000 value starts with: 4D5AJump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: B00000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 1360000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 1143000Jump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 730000Jump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 5F2000Jump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: B00000
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 914000
              Source: C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmpProcess created: C:\Users\user\Desktop\Blue-Cloner-Signed.exe "C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default"Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9897 --profile-directory="Default"Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory="Default"Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory="Default"Jump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"Jump to behavior
              Source: C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
              Source: AutoIt3.exe, 00000004.00000000.882792487.00000000002C1000.00000002.00000001.01000000.0000000E.sdmp, AutoIt3.exe, 00000008.00000000.1016134576.0000000000E11000.00000002.00000001.01000000.00000014.sdmp, AutoIt3.exe, 0000000A.00000000.1098549657.0000000000E11000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
              Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.drBinary or memory string: _hwndProgman
              Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.drBinary or memory string: Shell_TrayWnd
              Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.drBinary or memory string: Progman
              Source: UIAutomationClientSideProviders.dll.4.dr, is-L9AJM.tmp.3.drBinary or memory string: IsProgmanWindow
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

              Stealing of Sensitive Information

              Source: Yara match; File source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 00000009.00000002.1084269642.0000000000732000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: jsc.exe PID: 6688, type: MEMORYSTR
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Roaming\atomic\
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Roaming\Binance\
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Roaming\Guarda\
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\

              Remote Access Functionality

              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default"
              Source: Yara match; File source: 9.2.jsc.exe.730000.0.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 00000009.00000002.1084269642.0000000000732000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: jsc.exe PID: 6688, type: MEMORYSTR
              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
              Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
              Execution: Windows Management Instrumentation (221); Command and Scripting Interpreter (2); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
              Persistence: DLL Side-Loading (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
              Privilege Escalation: DLL Side-Loading (1); Process Injection (312); Registry Run Keys / Startup Folder (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
              Defense Evasion: Disable or Modify Tools (1); Obfuscated Files or Information (1); Timestomp (1); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (241); Process Injection (312); Indicator Removal from Tools
              Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
              Discovery: File and Directory Discovery (1); System Information Discovery (123); Query Registry (1); Security Software Discovery (221); Process Discovery (12); Virtualization/Sandbox Evasion (241); Application Window Discovery (1); System Owner/User Discovery (2)
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
              Collection: Archive Collected Data (1); Data from Local System (2); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
              Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Standard Port (11); Remote Access Software (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Commonly Used Port; Application Layer Protocol
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
              [Behavior graph: ID 1639390, Sample: Blue-Cloner-Signed.exe, Start date: 15/03/2025, Architecture: WINDOWS, Score: 100]
