Windows Analysis Report
107.exe

Overview

General Information

Sample name:	107.exe
Analysis ID:	1537509
MD5:	468bbc70a56325cc39d82e796879faa2
SHA1:	5488f804a50f35be53fbf646ecb75d0211f180f3
SHA256:	4732e7bbf0eb82ab024b4758bab398bb45320f45dbec2073bda054cce01b6d61
Tags:	exeuser-V3n0mStrike
Infos:

Detection

RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected RedLine Stealer

AI detected suspicious sample

Allocates memory in foreign processes

Connects to many ports of the same IP (likely port scanning)

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Uses known network protocols on non-standard ports

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to communicate with device drivers

Contains functionality to debug other processes

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: 107.exe	ReversingLabs: Detection: 31%
Source: 107.exe	Virustotal: Detection: 28%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00459B90 RegOpenKeyExW,GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,

0_2_00459B90

Uses 32bit PE files

Source: 107.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js.LICENSE.txt	Jump to behavior

Source:

Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: 107.exe

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06EFDB95h	1_2_06EFD5B9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 07B9556Ch	1_2_07B94580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 07B9556Ch	1_2_07B94580

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:49704 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49705 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49711 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49706 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49708 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49713 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49716 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49761 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49767 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49749 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49801 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49782 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49773 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49795 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49807 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49789 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49819 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49813 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49825 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49831 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49754 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49848 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49860 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49866 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49854 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49872 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49878 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49894 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49884 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49900 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49906 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49913 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49840 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49919 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49925 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49932 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49938 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49951 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49967 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49957 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49973 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49991 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49997 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50004 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49944 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50014 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50019 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50027 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50025 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50028 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50029 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50031 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50030 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50032 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50033 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50034 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50035 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50038 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50037 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50039 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50042 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50041 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50036 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50040 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50043 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49979 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50042
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50045 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50046 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50048 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50047 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50049 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50050 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49985 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50052 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50053 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50054 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50044 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50051 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50048
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50055 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50056 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50058 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50051
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50057 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50059 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50058
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50060 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50061 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50062 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50063 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50064 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50065 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50067 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50066 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50069 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50070 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50071 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50072 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50067
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50073 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50074 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50068 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50075 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50076 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50077 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50081 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50078 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50079 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50080 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50082 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50083 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50085 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50084 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50081
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50086 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50087 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50088 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50089 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50090 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50091 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50092 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50085
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50093 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50094 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50096 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50097 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50098 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50099 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50100 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50102 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50103 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50104 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50105 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50106 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50107 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50108 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50109 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50110 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50111 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50112 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50113 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50114 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50115 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50116 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50095 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50117 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50118 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50119 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50120 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50121 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50122 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50123 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50124 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50125 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50126 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50127 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50128 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50130 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50129 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50131 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50132 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50133 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50130
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50134 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50135 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50136 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50138 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50139 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50137 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50140 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50141 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50139
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50142 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50143 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50144 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50145 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50146 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50147 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50148 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50149 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50150 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50151 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50153 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50152 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50155 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50156 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50157 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50153
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50158 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50159 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50154 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50161 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50160 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50162 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50163 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50164 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50165 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50161
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50168 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50167 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50169 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50170 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50171 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50172 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50173 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50168
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50175 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50176 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50174 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50177 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50178 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50179 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50180 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50181 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50182 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50183 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50166 -> 213.109.202.97:9000

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 213.109.202.97 ports 9000,1,4,5,6,7,15647

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50183

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.5:49704 -> 213.109.202.97:15647

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjfl?q=02a10a9fb79f454eb9b579eb295605f6 HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: UA-LINK-ASUA UA-LINK-ASUA

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49705 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49713 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49761 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49767 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49801 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49795 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49773 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49782 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49807 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49789 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49819 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49813 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49825 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49831 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49754 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49848 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49860 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49866 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49854 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49872 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49878 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49884 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49894 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49900 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49906 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49913 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49840 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49919 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49925 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49932 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49938 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49951 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49967 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49957 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49973 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49991 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49997 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50004 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49944 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50014 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50019 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50025 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50027 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50028 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50029 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50030 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50031 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50032 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50033 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50034 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50035 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50036 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50040 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50043 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49979 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50045 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50046 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50047 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50049 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50050 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49985 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50052 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50053 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50054 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50044 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50055 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50056 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50057 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50059 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50060 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50061 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50062 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50063 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50064 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50065 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50066 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50069 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50070 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50071 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50072 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50073 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50074 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50068 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50075 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50077 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50078 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50079 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50080 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50082 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50083 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50084 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50086 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50087 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50088 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50089 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50090 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50091 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50092 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50093 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50094 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50096 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50097 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50098 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50099 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50100 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50103 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50104 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50105 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50106 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50107 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50108 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50109 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50110 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50111 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50112 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50113 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50114 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50115 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50116 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50095 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50117 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50118 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50119 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50120 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50121 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50123 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50133 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50141 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50147 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50150 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50152 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50155 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50159 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50160 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50170 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50175 -> 213.109.202.97:9000

Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjfl?q=02a10a9fb79f454eb9b579eb295605f6 HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive

Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://213.109.202.97:9000
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://213.109.202.97:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: licenses.html.1.dr	String found in binary or memory: http://www.droidfonts.com/
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: manifest.json.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Secure Preferences.1.dr	String found in binary or memory: https://chrome.google.com/webstore
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Secure Preferences.1.dr, manifest.json.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Secure Preferences.1.dr	String found in binary or memory: https://docs.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive.google.com/
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: licenses.html.1.dr	String found in binary or memory: https://github.com/Authenticator-Extension
Source: licenses.html.1.dr	String found in binary or memory: https://github.com/FortAwesome/Font-Awesome
Source: licenses.html.1.dr	String found in binary or memory: https://github.com/multiwebinc
Source: manifest.json.1.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/token
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/Ld9GfkdJ
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/drive.file

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Arechclient2 RAT Author: ditekSHen

Abnormal high CPU Usage

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process Stats: CPU usage > 49%

Contains functionality to call native functions

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004473E0 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,	0_2_004473E0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004568B0 NtOpenKey,	0_2_004568B0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004569E0 NtQueryKey,	0_2_004569E0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00456AC0 NtDeleteKey,NtClose,RegCloseKey,SetLastError,	0_2_00456AC0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0045ED20 GetFileAttributesW,CreateFileW,NtSystemDebugControl,CloseHandle,GetLastError,DeleteFileW,GetCurrentProcess,CheckRemoteDebuggerPresent,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,GetCurrentProcess,FlushInstructionCache,	0_2_0045ED20

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00403010: OpenProcess,K32GetProcessImageFileNameW,CloseHandle,DebugActiveProcess,DebugSetProcessKillOnExit,WaitForDebugEvent,SetEvent,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,LeaveCriticalSection,OpenProcess,DebugBreakProcess,CloseHandle,ContinueDebugEvent,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,CloseHandle,CloseHandle,OpenThread,SetThreadToken,CloseHandle,OpenProcess,ReadProcessMemory,CloseHandle,OpenThread,GetThreadContext,DebugSetProcessKillOnExit,GetThreadContext,GetSystemTimeAsFileTime,GetFileAttributesExW,CloseHandle,CreateFileW,GetLastError,DebugActiveProcessStop,DeviceIoControl,GetLastError,CloseHandle,DebugActiveProcessStop,GetLastError,GetLastError,

0_2_00403010

Contains functionality to delete services

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_0042C200 QueryServiceConfig2W,ChangeServiceConfig2W,GetLastError,SetDllDirectoryW,GetModuleHandleW,GetProcAddress,GetFileAttributesW,StartServiceCtrlDispatcherW,GetLastError,OpenSCManagerW,OpenServiceW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,SetConsoleCtrlHandler,WaitForSingleObject,RpcServerUnregisterIf,RpcServerUnregisterIf,RpcServerUnregisterIf,OpenSCManagerW,GetModuleFileNameW,CreateServiceW,OpenServiceW,QueryServiceConfig2W,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,CloseServiceHandle,ChangeServiceConfigW,OpenSCManagerW,OpenServiceW,ControlService,GetLastError,CloseServiceHandle,GetLastError,GetLastError,CloseServiceHandle,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,

0_2_0042C200

Detected potential crypto function

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00403010	0_2_00403010
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004160F0	0_2_004160F0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005BB110	0_2_005BB110
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0042B1C0	0_2_0042B1C0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0042C200	0_2_0042C200
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004182D0	0_2_004182D0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041C2F0	0_2_0041C2F0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0040A2A0	0_2_0040A2A0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00417340	0_2_00417340
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00591340	0_2_00591340
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0045C450	0_2_0045C450
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005B44CA	0_2_005B44CA
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00422500	0_2_00422500
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00415590	0_2_00415590
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0043E6A0	0_2_0043E6A0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041E6B0	0_2_0041E6B0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041F740	0_2_0041F740
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00413750	0_2_00413750
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041B830	0_2_0041B830
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00417970	0_2_00417970
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00419B90	0_2_00419B90
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041DBB0	0_2_0041DBB0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041CC40	0_2_0041CC40
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041BCB0	0_2_0041BCB0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041AD20	0_2_0041AD20
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00599E40	0_2_00599E40
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00405EA0	0_2_00405EA0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A1000	0_2_045A1000
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A9562	0_2_045A9562
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A368F	0_2_045A368F
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045AAD41	0_2_045AAD41
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A8FF0	0_2_045A8FF0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A6826	0_2_045A6826
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A9AD4	0_2_045A9AD4
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045ABBFC	0_2_045ABBFC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7C880	1_2_00E7C880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E71070	1_2_00E71070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7B01F	1_2_00E7B01F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7D110	1_2_00E7D110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E715E0	1_2_00E715E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7BD78	1_2_00E7BD78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7A8FB	1_2_00E7A8FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7C862	1_2_00E7C862
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7A908	1_2_00E7A908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7D0F3	1_2_00E7D0F3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7B09E	1_2_00E7B09E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E71067	1_2_00E71067
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E715D7	1_2_00E715D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7BD45	1_2_00E7BD45
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D76C48	1_2_06D76C48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D70DEF	1_2_06D70DEF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D70040	1_2_06D70040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D71800	1_2_06D71800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7E830	1_2_06D7E830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D72761	1_2_06D72761
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7BCFA	1_2_06D7BCFA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D72430	1_2_06D72430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7BD6A	1_2_06D7BD6A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7BD00	1_2_06D7BD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D70BC8	1_2_06D70BC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7C818	1_2_06D7C818
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7C809	1_2_06D7C809
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7E008	1_2_06D7E008
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF67B8	1_2_06EF67B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF3759	1_2_06EF3759
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EFDF52	1_2_06EFDF52
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF4CE0	1_2_06EF4CE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF2CA1	1_2_06EF2CA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF74B0	1_2_06EF74B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF5498	1_2_06EF5498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EFB0A0	1_2_06EFB0A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF0040	1_2_06EF0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF0828	1_2_06EF0828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EFC660	1_2_06EFC660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EFC670	1_2_06EFC670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF4F90	1_2_06EF4F90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF4CCF	1_2_06EF4CCF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF2478	1_2_06EF2478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF0006	1_2_06EF0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF0818	1_2_06EF0818
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF818A	1_2_06EF818A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07687674	1_2_07687674
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07687AF8	1_2_07687AF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_0768E9A0	1_2_0768E9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07685F6C	1_2_07685F6C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07688F70	1_2_07688F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_0768DD70	1_2_0768DD70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_0768E940	1_2_0768E940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B90E90	1_2_07B90E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B982C8	1_2_07B982C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B98A08	1_2_07B98A08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B99278	1_2_07B99278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9C5AA	1_2_07B9C5AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B94580	1_2_07B94580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B96D38	1_2_07B96D38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9F0D5	1_2_07B9F0D5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9BB80	1_2_07B9BB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B95BF8	1_2_07B95BF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B95BE9	1_2_07B95BE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9CF53	1_2_07B9CF53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B95598	1_2_07B95598
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B95587	1_2_07B95587
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B905C8	1_2_07B905C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B96D0B	1_2_07B96D0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B97960	1_2_07B97960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B94580	1_2_07B94580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9B020	1_2_07B9B020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9B010	1_2_07B9B010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B90006	1_2_07B90006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B90040	1_2_07B90040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9D300	1_2_07B9D300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9D2F0	1_2_07B9D2F0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\107.exe	Code function: String function: 00423020 appears 98 times
Source: C:\Users\user\Desktop\107.exe	Code function: String function: 00427770 appears 40 times

Sample file is different than original file name gathered from version info

Source: 107.exe	Binary or memory string: OriginalFilename vs 107.exe
Source: 107.exe, 00000000.00000002.2025876429.00000000006F0000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameavDump.exeB vs 107.exe
Source: 107.exe, 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamebluefin.exe" vs 107.exe
Source: 107.exe, 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamebluefin.exe" vs 107.exe
Source: 107.exe, 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamebluefin.exe" vs 107.exe
Source: 107.exe	Binary or memory string: OriginalFilenameavDump.exeB vs 107.exe

Uses 32bit PE files

Source: 107.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT

Source: 0.2.107.exe.45b30d0.4.raw.unpack, -Module-.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.107.exe.4680000.5.raw.unpack, -Module-.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.107.exe.44d1cd0.1.raw.unpack, -Module-.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 107.exe

Binary string: DUnable to retrieve the path of the module!Unable to get the path of the module!Unable to store the path of the module!SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersUnable to retrieve a path of the known folder ({})!Common AppData%APPDATA%%LOCALAPPDATA%ProgramFilesProgramW6432ProgramFiles(x86)ProgramFiles(Arm)ProgramFilesDirSOFTWARE\Microsoft\Windows\CurrentVersionProgramFilesDir (x86)ProgramFilesDir (arm)CommonProgramFilesCommonProgramFiles(x86)CommonFilesDirCommonFilesDir (x86)\\?\Unable to enumerate volumes!Unable to convert NT path '{}' to a volume GUID path!Unable to retrieve volume paths for volume '{}'!\Device\LanmanRedirector\\Device\Mup\\SystemRoot\\\.\GLOBALROOTHKEY_PERFORMANCE_DATAHKEY_PERFORMANCE_TEXTHKEY_PERFORMANCE_NLSTEXTHKEY_CURRENT_CONFIGHKEY_DYN_DATA<Unknown or opened key>32-bit 64-bit )path: (on (on value: String environment expansion failedString environment expansion failed due to unexpected buffer sizeCannot query registry value typeCannot enumerate subkeysCannot query key info to enumerate key value namesCannot enumerate key value namesCannot open registry keyCannot create registry keyFailed to register change async notificationUnable to open registry key handle using NtOpenKeyCannot query kernel mode registry key pathCannot delete registry keyCannot delete registry key treeCannot delete registry valueCannot write key valueCannot query multiple valuesCannot query registry valueCannot query registry value sizeCannot query registry value dataCannot query registry data due to '{}' value changed too often), but queried different type than expectedQuerying registry value (L

Source: tmpDC8Ctmp.zip.1.dr

Binary or memory string: ~.vBp5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/145@0/1

Source: C:\Users\user\Desktop\107.exe

0_2_00459B90

Source: C:\Users\user\Desktop\107.exe

Code function: QueryServiceConfig2W,ChangeServiceConfig2W,GetLastError,SetDllDirectoryW,GetModuleHandleW,GetProcAddress,GetFileAttributesW,StartServiceCtrlDispatcherW,GetLastError,OpenSCManagerW,OpenServiceW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,SetConsoleCtrlHandler,WaitForSingleObject,RpcServerUnregisterIf,RpcServerUnregisterIf,RpcServerUnregisterIf,OpenSCManagerW,GetModuleFileNameW,CreateServiceW,OpenServiceW,QueryServiceConfig2W,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,CloseServiceHandle,ChangeServiceConfigW,OpenSCManagerW,OpenServiceW,ControlService,GetLastError,CloseServiceHandle,GetLastError,GetLastError,CloseServiceHandle,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,

0_2_0042C200

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\9a6266ed752044c78662da8da86e77c4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Temp\tmp67CB.tmp

Jump to behavior

Source: 107.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\107.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 107.exe	ReversingLabs: Detection: 31%
Source: 107.exe	Virustotal: Detection: 28%

Source: 107.exe	String found in binary or memory: company-install-path
Source: 107.exe	String found in binary or memory: SecureLineSecure VPNHMA! Pro VPNVPNTuneupTuneUpCleanupUtilitiesBatterySaverDriverUpdaterBreachGuardAntiTrackKamoSoftware\\IcarusSYSTEM\Software\PersistentStorageOverrideDataFolderLogssettingsproduct-reg-keyreg-keyicarus.iniprogram-data-dirdata-dirproduct-dircompany-install-pathcouldn't open filecouldn't obtain exclusive file lockinvalid string_view position

Source: unknown	Process created: C:\Users\user\Desktop\107.exe "C:\Users\user\Desktop\107.exe"
Source: C:\Users\user\Desktop\107.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Users\user\Desktop\107.exe"
Source: C:\Users\user\Desktop\107.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Users\user\Desktop\107.exe"	Jump to behavior

Source: C:\Users\user\Desktop\107.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: 107.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 107.exe

Static file information: File size 4083200 > 1048576

Source: 107.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1f0200

Source: 107.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 107.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: 107.exe

Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_004613E0 InitializeCriticalSection,UuidCreate,GetSystemDirectoryW,LoadLibraryW,GetProcAddress,GetLastError,GetLastError,SetEvent,

0_2_004613E0

PE file contains an invalid checksum

Source: 107.exe

Static PE information: real checksum: 0x32286d should be: 0x3ee7c3

PE file contains sections with non-standard names

Source: 107.exe

Static PE information: section name: .didat

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00599247 push ecx; ret	0_2_0059925A
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0042A791 push E8FFFFFEh; iretd	0_2_0042A796
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045B2DC0 push eax; ret	0_2_045B2E21
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045B2E70 push eax; ret	0_2_045B2E21
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A2E15 push ecx; ret	0_2_045A2E28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7EC5D push eax; iretd	1_2_00E7EC5E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7814A push esp; ret	1_2_06D78151
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07687968 push es; iretd	1_2_07687974

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js.LICENSE.txt	Jump to behavior

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50183

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_045A368F EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_045A368F

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: E70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2B70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 4B70000 memory reserve \| memory write watch	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00459B90 rdtsc

0_2_00459B90

Contains long sleeps (>= 3 min)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 1989			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 7560			Jump to behavior

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\107.exe

API coverage: 3.4 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -27670116110564310s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -420000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -33966s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -34686s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59672s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59453s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -42936s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -52114s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59230s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59062s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -39120s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -50964s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -44683s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -55819s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -39392s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -53059s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -49454s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -50861s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5860	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -49491s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -36765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -33263s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -58856s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -34904s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -54936s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -33115s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -45458s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -51486s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -42085s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -47669s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -35326s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -35956s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -33699s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -42091s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -34551s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -39042s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -42012s >= -30000s	Jump to behavior

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 33966	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 34686	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59672	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 42936	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 52114	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59230	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59062	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 39120	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 50964	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 44683	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 55819	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 39392	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 53059	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 49454	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 50861	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 49491	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 36765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 33263	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 58856	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 34904	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 54936	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 33115	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 45458	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 51486	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 42085	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 47669	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 35326	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 35956	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 33699	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 42091	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 34551	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 39042	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 42012	Jump to behavior

Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: RegAsm.exe, 00000001.00000002.4488678862.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_0045ED20 GetFileAttributesW,CreateFileW,NtSystemDebugControl,CloseHandle,GetLastError,DeleteFileW,GetCurrentProcess,CheckRemoteDebuggerPresent,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,GetCurrentProcess,FlushInstructionCache,

0_2_0045ED20

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00459B90 rdtsc

0_2_00459B90

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_005A3B93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_005A3B93

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_045A7DE6 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_045A7DE6

Contains functionality to debug other processes

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00403010 OpenProcess,K32GetProcessImageFileNameW,CloseHandle,DebugActiveProcess,DebugSetProcessKillOnExit,WaitForDebugEvent,SetEvent,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,LeaveCriticalSection,OpenProcess,DebugBreakProcess,CloseHandle,ContinueDebugEvent,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,CloseHandle,CloseHandle,OpenThread,SetThreadToken,CloseHandle,OpenProcess,ReadProcessMemory,CloseHandle,OpenThread,GetThreadContext,DebugSetProcessKillOnExit,GetThreadContext,GetSystemTimeAsFileTime,GetFileAttributesExW,CloseHandle,CreateFileW,GetLastError,DebugActiveProcessStop,DeviceIoControl,GetLastError,CloseHandle,DebugActiveProcessStop,GetLastError,GetLastError,

0_2_00403010

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_004613E0 InitializeCriticalSection,UuidCreate,GetSystemDirectoryW,LoadLibraryW,GetProcAddress,GetLastError,GetLastError,SetEvent,

0_2_004613E0

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005B541A mov eax, dword ptr fs:[00000030h]		0_2_005B541A
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005B1572 mov ecx, dword ptr fs:[00000030h]		0_2_005B1572

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_045A3860 GetProcessHeap,

0_2_045A3860

Enables debug privileges

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00598B9C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00598B9C
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005A3B93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_005A3B93
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A4390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_045A4390

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\107.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_045A1000 _memset,GetCommandLineW,CreateProcessW,GetLastError,_wprintf,VirtualAlloc,GetLastError,_wprintf,_memmove,_memset,Wow64GetThreadContext,GetLastError,_wprintf,ReadProcessMemory,GetLastError,_wprintf,GetModuleHandleA,GetProcAddress,GetLastError,_wprintf,VirtualAllocEx,VirtualAllocEx,GetLastError,VirtualAllocEx,GetLastError,_wprintf,WriteProcessMemory,WriteProcessMemory,_wprintf,WriteProcessMemory,Wow64SetThreadContext,GetLastError,_wprintf,WriteProcessMemory,WriteProcessMemory,VirtualProtectEx,WriteProcessMemory,VirtualProtectEx,ResumeThread,GetLastError,_wprintf,GetLastError,_wprintf,GetLastError,_wprintf,

0_2_045A1000

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\107.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: A92008	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 4C2000	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 4C4000	Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\107.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Users\user\Desktop\107.exe"

Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_045A63F2 cpuid

0_2_045A63F2

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,	0_2_005B50C4
Source: C:\Users\user\Desktop\107.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_005BB65F
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,	0_2_005BB860
Source: C:\Users\user\Desktop\107.exe	Code function: EnumSystemLocalesW,	0_2_005BB952
Source: C:\Users\user\Desktop\107.exe	Code function: EnumSystemLocalesW,	0_2_005BB907
Source: C:\Users\user\Desktop\107.exe	Code function: EnumSystemLocalesW,	0_2_005BB9ED
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_005BBA80
Source: C:\Users\user\Desktop\107.exe	Code function: EnumSystemLocalesW,	0_2_005B4B7D
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,	0_2_005BBCE0
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_005BBE09
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,	0_2_005BBF0F
Source: C:\Users\user\Desktop\107.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_005BBFDE

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00582290 QueryUnbiasedInterruptTime,GetSystemTimes,

0_2_00582290

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

AV process strings found (often used to terminate AV products)

Source: RegAsm.exe, 00000001.00000002.4488678862.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4494113492.0000000006B4F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4488678862.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4487554897.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 107.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3928, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Yara detected Credential Stealer

Source: Yara match	File source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4487554897.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 107.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3928, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4487554897.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 107.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3928, type: MEMORYSTR

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
213.109.202.97	unknown	unknown		34359	UA-LINK-ASUA	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://213.109.202.97:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F	true		unknown

AV Detection

Multi AV Scanner detection for submitted file

Source: 107.exe	ReversingLabs: Detection: 31%
Source: 107.exe	Virustotal: Detection: 28%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\107.exe

0_2_00459B90

Uses 32bit PE files

Source: 107.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js.LICENSE.txt	Jump to behavior

Source:

Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: 107.exe

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06EFDB95h	1_2_06EFD5B9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 07B9556Ch	1_2_07B94580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 07B9556Ch	1_2_07B94580

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:49704 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49705 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49711 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49706 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49708 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49713 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49716 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49761 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49767 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49749 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49801 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49782 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49773 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49795 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49807 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49789 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49819 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49813 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49825 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49831 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49754 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49848 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49860 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49866 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49854 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49872 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49878 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49894 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49884 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49900 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49906 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49913 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49840 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49919 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49925 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49932 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49938 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49951 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49967 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49957 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49973 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49991 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49997 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50004 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49944 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50014 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50019 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50027 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50025 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50028 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50029 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50031 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50030 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50032 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50033 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50034 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50035 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50038 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50037 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50039 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50042 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50041 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50036 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50040 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50043 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49979 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50042
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50045 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50046 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50048 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50047 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50049 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50050 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:49985 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50052 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50053 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50054 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50044 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50051 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50048
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50055 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50056 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50058 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50051
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50057 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50059 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50058
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50060 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50061 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50062 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50063 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50064 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50065 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50067 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50066 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50069 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50070 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50071 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50072 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50067
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50073 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50074 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50068 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50075 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50076 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50077 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50081 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50078 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50079 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50080 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50082 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50083 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50085 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50084 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50081
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50086 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50087 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50088 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50089 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50090 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50091 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50092 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50085
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50093 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50094 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50096 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50097 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50098 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50099 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50100 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50102 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50103 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50104 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50105 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50106 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50107 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50108 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50109 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50110 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50111 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50112 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50113 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50114 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50115 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50116 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50095 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50117 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50118 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50119 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50120 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50121 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50122 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50123 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50124 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50125 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50126 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50127 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50128 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50130 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50129 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50131 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50132 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50133 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50130
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50134 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50135 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50136 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50138 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50139 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50137 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50140 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50141 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50139
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50142 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50143 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50144 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50145 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50146 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50147 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50148 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50149 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50150 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50151 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50153 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50152 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50155 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50156 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50157 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50153
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50158 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50159 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50154 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50161 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50160 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50162 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50163 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50164 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50165 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50161
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.5:50168 -> 213.109.202.97:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50167 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50169 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50170 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50171 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50172 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50173 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 213.109.202.97:15647 -> 192.168.2.5:50168
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50175 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50176 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50174 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50177 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50178 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50179 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50180 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50181 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50182 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50183 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.5:50166 -> 213.109.202.97:9000

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 213.109.202.97 ports 9000,1,4,5,6,7,15647

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50183

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.5:49704 -> 213.109.202.97:15647

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjfl?q=02a10a9fb79f454eb9b579eb295605f6 HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: UA-LINK-ASUA UA-LINK-ASUA

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49705 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49713 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49761 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49767 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49801 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49795 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49773 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49782 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49807 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49789 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49819 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49813 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49825 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49831 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49754 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49848 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49860 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49866 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49854 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49872 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49878 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49884 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49894 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49900 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49906 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49913 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49840 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49919 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49925 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49932 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49938 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49951 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49967 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49957 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49973 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49991 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49997 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50004 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49944 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50014 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50019 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50025 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50027 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50028 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50029 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50030 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50031 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50032 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50033 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50034 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50035 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50036 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50040 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50043 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49979 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50045 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50046 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50047 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50049 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50050 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49985 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50052 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50053 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50054 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50044 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50055 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50056 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50057 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50059 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50060 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50061 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50062 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50063 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50064 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50065 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50066 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50069 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50070 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50071 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50072 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50073 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50074 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50068 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50075 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50077 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50078 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50079 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50080 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50082 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50083 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50084 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50086 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50087 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50088 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50089 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50090 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50091 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50092 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50093 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50094 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50096 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50097 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50098 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50099 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50100 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50103 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50104 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50105 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50106 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50107 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50108 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50109 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50110 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50111 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50112 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50113 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50114 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50115 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50116 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50095 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50117 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50118 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50119 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50120 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50121 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50123 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50133 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50141 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50147 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50150 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50152 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50155 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50159 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50160 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50170 -> 213.109.202.97:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50175 -> 213.109.202.97:9000

Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97
Source: unknown	TCP traffic detected without corresponding DNS query: 213.109.202.97

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjfl?q=02a10a9fb79f454eb9b579eb295605f6 HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F HTTP/1.1Host: 213.109.202.97:9000Connection: Keep-Alive

Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://213.109.202.97:9000
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002C17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://213.109.202.97:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: licenses.html.1.dr	String found in binary or memory: http://www.droidfonts.com/
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: manifest.json.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Secure Preferences.1.dr	String found in binary or memory: https://chrome.google.com/webstore
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Secure Preferences.1.dr, manifest.json.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Secure Preferences.1.dr	String found in binary or memory: https://docs.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: Secure Preferences.1.dr	String found in binary or memory: https://drive.google.com/
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: licenses.html.1.dr	String found in binary or memory: https://github.com/Authenticator-Extension
Source: licenses.html.1.dr	String found in binary or memory: https://github.com/FortAwesome/Font-Awesome
Source: licenses.html.1.dr	String found in binary or memory: https://github.com/multiwebinc
Source: manifest.json.1.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/token
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/Ld9GfkdJ
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000003006000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: RegAsm.exe, 00000001.00000002.4489424197.000000000317B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002DC6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.4489424197.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/drive.file

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Arechclient2 RAT Author: ditekSHen

Abnormal high CPU Usage

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process Stats: CPU usage > 49%

Contains functionality to call native functions

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004473E0 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,	0_2_004473E0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004568B0 NtOpenKey,	0_2_004568B0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004569E0 NtQueryKey,	0_2_004569E0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00456AC0 NtDeleteKey,NtClose,RegCloseKey,SetLastError,	0_2_00456AC0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0045ED20 GetFileAttributesW,CreateFileW,NtSystemDebugControl,CloseHandle,GetLastError,DeleteFileW,GetCurrentProcess,CheckRemoteDebuggerPresent,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,GetCurrentProcess,FlushInstructionCache,	0_2_0045ED20

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\107.exe

0_2_00403010

Contains functionality to delete services

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Detected potential crypto function

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00403010	0_2_00403010
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004160F0	0_2_004160F0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005BB110	0_2_005BB110
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0042B1C0	0_2_0042B1C0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0042C200	0_2_0042C200
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_004182D0	0_2_004182D0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041C2F0	0_2_0041C2F0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0040A2A0	0_2_0040A2A0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00417340	0_2_00417340
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00591340	0_2_00591340
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0045C450	0_2_0045C450
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005B44CA	0_2_005B44CA
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00422500	0_2_00422500
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00415590	0_2_00415590
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0043E6A0	0_2_0043E6A0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041E6B0	0_2_0041E6B0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041F740	0_2_0041F740
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00413750	0_2_00413750
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041B830	0_2_0041B830
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00417970	0_2_00417970
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00419B90	0_2_00419B90
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041DBB0	0_2_0041DBB0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041CC40	0_2_0041CC40
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041BCB0	0_2_0041BCB0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0041AD20	0_2_0041AD20
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00599E40	0_2_00599E40
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00405EA0	0_2_00405EA0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A1000	0_2_045A1000
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A9562	0_2_045A9562
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A368F	0_2_045A368F
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045AAD41	0_2_045AAD41
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A8FF0	0_2_045A8FF0
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A6826	0_2_045A6826
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A9AD4	0_2_045A9AD4
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045ABBFC	0_2_045ABBFC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7C880	1_2_00E7C880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E71070	1_2_00E71070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7B01F	1_2_00E7B01F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7D110	1_2_00E7D110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E715E0	1_2_00E715E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7BD78	1_2_00E7BD78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7A8FB	1_2_00E7A8FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7C862	1_2_00E7C862
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7A908	1_2_00E7A908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7D0F3	1_2_00E7D0F3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7B09E	1_2_00E7B09E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E71067	1_2_00E71067
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E715D7	1_2_00E715D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7BD45	1_2_00E7BD45
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D76C48	1_2_06D76C48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D70DEF	1_2_06D70DEF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D70040	1_2_06D70040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D71800	1_2_06D71800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7E830	1_2_06D7E830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D72761	1_2_06D72761
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7BCFA	1_2_06D7BCFA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D72430	1_2_06D72430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7BD6A	1_2_06D7BD6A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7BD00	1_2_06D7BD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D70BC8	1_2_06D70BC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7C818	1_2_06D7C818
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7C809	1_2_06D7C809
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7E008	1_2_06D7E008
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF67B8	1_2_06EF67B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF3759	1_2_06EF3759
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EFDF52	1_2_06EFDF52
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF4CE0	1_2_06EF4CE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF2CA1	1_2_06EF2CA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF74B0	1_2_06EF74B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF5498	1_2_06EF5498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EFB0A0	1_2_06EFB0A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF0040	1_2_06EF0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF0828	1_2_06EF0828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EFC660	1_2_06EFC660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EFC670	1_2_06EFC670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF4F90	1_2_06EF4F90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF4CCF	1_2_06EF4CCF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF2478	1_2_06EF2478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF0006	1_2_06EF0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF0818	1_2_06EF0818
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06EF818A	1_2_06EF818A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07687674	1_2_07687674
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07687AF8	1_2_07687AF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_0768E9A0	1_2_0768E9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07685F6C	1_2_07685F6C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07688F70	1_2_07688F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_0768DD70	1_2_0768DD70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_0768E940	1_2_0768E940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B90E90	1_2_07B90E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B982C8	1_2_07B982C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B98A08	1_2_07B98A08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B99278	1_2_07B99278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9C5AA	1_2_07B9C5AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B94580	1_2_07B94580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B96D38	1_2_07B96D38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9F0D5	1_2_07B9F0D5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9BB80	1_2_07B9BB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B95BF8	1_2_07B95BF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B95BE9	1_2_07B95BE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9CF53	1_2_07B9CF53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B95598	1_2_07B95598
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B95587	1_2_07B95587
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B905C8	1_2_07B905C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B96D0B	1_2_07B96D0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B97960	1_2_07B97960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B94580	1_2_07B94580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9B020	1_2_07B9B020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9B010	1_2_07B9B010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B90006	1_2_07B90006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B90040	1_2_07B90040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9D300	1_2_07B9D300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07B9D2F0	1_2_07B9D2F0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\107.exe	Code function: String function: 00423020 appears 98 times
Source: C:\Users\user\Desktop\107.exe	Code function: String function: 00427770 appears 40 times

Sample file is different than original file name gathered from version info

Source: 107.exe	Binary or memory string: OriginalFilename vs 107.exe
Source: 107.exe, 00000000.00000002.2025876429.00000000006F0000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameavDump.exeB vs 107.exe
Source: 107.exe, 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamebluefin.exe" vs 107.exe
Source: 107.exe, 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamebluefin.exe" vs 107.exe
Source: 107.exe, 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamebluefin.exe" vs 107.exe
Source: 107.exe	Binary or memory string: OriginalFilenameavDump.exeB vs 107.exe

Uses 32bit PE files

Source: 107.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT

Source: 0.2.107.exe.45b30d0.4.raw.unpack, -Module-.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.107.exe.4680000.5.raw.unpack, -Module-.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.107.exe.44d1cd0.1.raw.unpack, -Module-.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 107.exe

Source: tmpDC8Ctmp.zip.1.dr

Binary or memory string: ~.vBp5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/145@0/1

Source: C:\Users\user\Desktop\107.exe

0_2_00459B90

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\9a6266ed752044c78662da8da86e77c4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Temp\tmp67CB.tmp

Jump to behavior

Source: 107.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\107.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 107.exe	ReversingLabs: Detection: 31%
Source: 107.exe	Virustotal: Detection: 28%

Source: 107.exe	String found in binary or memory: company-install-path
Source: 107.exe	String found in binary or memory: SecureLineSecure VPNHMA! Pro VPNVPNTuneupTuneUpCleanupUtilitiesBatterySaverDriverUpdaterBreachGuardAntiTrackKamoSoftware\\IcarusSYSTEM\Software\PersistentStorageOverrideDataFolderLogssettingsproduct-reg-keyreg-keyicarus.iniprogram-data-dirdata-dirproduct-dircompany-install-pathcouldn't open filecouldn't obtain exclusive file lockinvalid string_view position

Source: unknown	Process created: C:\Users\user\Desktop\107.exe "C:\Users\user\Desktop\107.exe"
Source: C:\Users\user\Desktop\107.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Users\user\Desktop\107.exe"
Source: C:\Users\user\Desktop\107.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Users\user\Desktop\107.exe"	Jump to behavior

Source: C:\Users\user\Desktop\107.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: 107.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 107.exe

Static file information: File size 4083200 > 1048576

Source: 107.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1f0200

Source: 107.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 107.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 107.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: 107.exe

Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 107.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_004613E0 InitializeCriticalSection,UuidCreate,GetSystemDirectoryW,LoadLibraryW,GetProcAddress,GetLastError,GetLastError,SetEvent,

0_2_004613E0

PE file contains an invalid checksum

Source: 107.exe

Static PE information: real checksum: 0x32286d should be: 0x3ee7c3

PE file contains sections with non-standard names

Source: 107.exe

Static PE information: section name: .didat

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00599247 push ecx; ret	0_2_0059925A
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_0042A791 push E8FFFFFEh; iretd	0_2_0042A796
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045B2DC0 push eax; ret	0_2_045B2E21
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045B2E70 push eax; ret	0_2_045B2E21
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A2E15 push ecx; ret	0_2_045A2E28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_00E7EC5D push eax; iretd	1_2_00E7EC5E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_06D7814A push esp; ret	1_2_06D78151
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 1_2_07687968 push es; iretd	1_2_07687974

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js.LICENSE.txt	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js.LICENSE.txt	Jump to behavior

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50183

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\107.exe

0_2_045A368F

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: E70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2B70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 4B70000 memory reserve \| memory write watch	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00459B90 rdtsc

0_2_00459B90

Contains long sleeps (>= 3 min)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 1989			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 7560			Jump to behavior

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\107.exe

API coverage: 3.4 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -27670116110564310s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -420000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -33966s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -34686s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59672s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59453s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -42936s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -52114s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59230s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 984	Thread sleep time: -59062s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -39120s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -50964s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -44683s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -55819s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -39392s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -53059s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -49454s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -50861s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5860	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -49491s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -36765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -33263s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -58856s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -34904s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -54936s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -33115s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -45458s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -51486s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -42085s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -47669s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -35326s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -35956s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -33699s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -42091s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -34551s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -39042s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2676	Thread sleep time: -42012s >= -30000s	Jump to behavior

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 33966	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 34686	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59672	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 42936	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 52114	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59230	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 59062	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 39120	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 50964	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 44683	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 55819	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 39392	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 53059	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 49454	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 50861	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 49491	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 36765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 33263	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 58856	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 34904	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 54936	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 33115	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 45458	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 51486	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 42085	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 47669	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 35326	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 35956	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 33699	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 42091	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 34551	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 39042	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 42012	Jump to behavior

Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: RegAsm.exe, 00000001.00000002.4488678862.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: RegAsm.exe, 00000001.00000002.4489424197.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\Desktop\107.exe

0_2_0045ED20

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00459B90 rdtsc

0_2_00459B90

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_005A3B93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_005A3B93

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Users\user\Desktop\107.exe

0_2_045A7DE6

Contains functionality to debug other processes

Source: C:\Users\user\Desktop\107.exe

0_2_00403010

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_004613E0 InitializeCriticalSection,UuidCreate,GetSystemDirectoryW,LoadLibraryW,GetProcAddress,GetLastError,GetLastError,SetEvent,

0_2_004613E0

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005B541A mov eax, dword ptr fs:[00000030h]		0_2_005B541A
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005B1572 mov ecx, dword ptr fs:[00000030h]		0_2_005B1572

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_045A3860 GetProcessHeap,

0_2_045A3860

Enables debug privileges

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_00598B9C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00598B9C
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_005A3B93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_005A3B93
Source: C:\Users\user\Desktop\107.exe	Code function: 0_2_045A4390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_045A4390

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\107.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\107.exe

0_2_045A1000

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\107.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: A92008	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 4C2000	Jump to behavior
Source: C:\Users\user\Desktop\107.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 4C4000	Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\107.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Users\user\Desktop\107.exe"

Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_045A63F2 cpuid

0_2_045A63F2

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,	0_2_005B50C4
Source: C:\Users\user\Desktop\107.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_005BB65F
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,	0_2_005BB860
Source: C:\Users\user\Desktop\107.exe	Code function: EnumSystemLocalesW,	0_2_005BB952
Source: C:\Users\user\Desktop\107.exe	Code function: EnumSystemLocalesW,	0_2_005BB907
Source: C:\Users\user\Desktop\107.exe	Code function: EnumSystemLocalesW,	0_2_005BB9ED
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_005BBA80
Source: C:\Users\user\Desktop\107.exe	Code function: EnumSystemLocalesW,	0_2_005B4B7D
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,	0_2_005BBCE0
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_005BBE09
Source: C:\Users\user\Desktop\107.exe	Code function: GetLocaleInfoW,	0_2_005BBF0F
Source: C:\Users\user\Desktop\107.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_005BBFDE

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\107.exe

Code function: 0_2_00582290 QueryUnbiasedInterruptTime,GetSystemTimes,

0_2_00582290

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

AV process strings found (often used to terminate AV products)

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4487554897.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 107.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3928, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Yara detected Credential Stealer

Source: Yara match	File source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4487554897.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 107.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3928, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45b30d0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.4680000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44d1cd0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.45a0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.107.exe.44c0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2026335847.00000000045A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4487554897.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026450332.0000000004680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2026267845.00000000044C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 107.exe PID: 7112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3928, type: MEMORYSTR

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Desktop\107.exe

0_2_0042C200

ID:	1537509
Product:	CloudBasic
Start time:	03:36:08
Start date:	19.10.2024
Sample:	107.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	468bbc70a56325cc39d82e796879faa2
SHA1:	5488f804a50f35be53fbf646ecb75d0211f180f3
SHA256:	4732e7bbf0eb82ab024b4758bab398bb45320f45dbec2073bda054cce01b6d61
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	JSON data	EB18CA6BDC89457308EB33771166F0A4	A60679CC507BF8A551C584A21EB85B899373AF72	9B8ECE3CAAA7B1A7ABFD76324E29AF1DF73D7F4E29B92A208F1B12054CF25877
C:\Users\user\AppData\Local\Temp\tmp1075.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp14D0.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp1EE7.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmp267B.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp3669.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmp3697.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp3978.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp3B29.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp3CA9.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp46F9.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp4B47.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp4C6D.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp587C.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp5D7A.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp5EAA.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmp67CB.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmp6849.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp7B39.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp7BFD.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp7DF7.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmp8341.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmp85D3.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp9139.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmp9A96.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp9D57.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp9E2A.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp9F7C.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmp9FA5.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpA256.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmpA27F.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpA652.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpAA08.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpAC54.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpAE56.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpB201.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmpBC4F.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpC1AF.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpC2A3.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmpC4DF.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpC756.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpD407.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpD64F.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpD916.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpDC8Ctmp.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	A0B613A5F726E687A336B190B5ED2E1B	F9031064C1A8C50F795E726A95E5F29F5524B798	AD676C1C422BBE7A026E92BF9E54459D8F21960916379E4C203566FD844AE5F7
C:\Users\user\AppData\Local\Temp\tmpE415.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpE744.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmpEC43.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmpECBB.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpF211.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4	9D46F142BBCF25D0D495FF1F3A7609D3	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
C:\Users\user\AppData\Local\Temp\tmpF63D.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpF64D.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpFB4F.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\Temp\tmpFBC5.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	CFFF4E2B77FC5A18AB6323AF9BF95339	3AA2C2115A8EB4516049600E8832E9BFFE0C2412	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\LICENSE	ASCII text	7A1B9BFB9A7BD6EE388D5666C2248D7C	4C44FF489810B98DBEFC0C7E02855B5638C9C90F	8CB341FCABD04649D7662104D6F952CACA56558CF4A19B349B632E95D3DEBC7A
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ar\messages.json	JSON data	578BDAF43F355C542B78099A03DA0186	E64358310EC0F6CC1AE088BD4A515E13B9A289AC	7526B9268F3597413942FD1E0D70A549D64013A4B2CA6AB2AC4D49DEDD175FFB
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\bg\messages.json	JSON data	4278741CAD58E316EB05D027A37507FF	FFA02D862BA07D6341708F0F6D91A07C407A0376	81842C2C27276809791D25976C798C733D7C684FC02B233431203A2118F3E106
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\bn\messages.json	JSON data	0FB0571E26A7125C2198BDEED7103B3A	B0397FB019FD976606325BF62E9D1A7DE80D15DD	221440420DC60DF3943C75CF2204287D7AC0917913C8E8CDC481DCEDCF0862A0
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ca\messages.json	JSON data	AB7DC52815856C292ECE01C77034F5F8	E2A4FBCCAF800B3D5B7E6D66AFEF1B7788601A2E	436D4963DC7C2C3FE898C050EE42DCE052C36D87A83E255B8337F986291A3379
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\cs\messages.json	JSON data	A668C594BF6CD99A1E2EA05A2B9C5DA2	5C50D129F835DDEA878415F93E7B791B9E39ECBA	0E6EC9C806AE73A4E32150E872981FA4F6917D0CA1A6474E95A814F88A66C22E
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\da\messages.json	JSON data	1053F963D62A7C2DE0310AC28C4ECB5E	D55F4E1FD6F111E8B784E80F88A5F1495326DCAE	00D99E1898463CFF5173DA0344BCC869C40FB6EDA0AF0923C095C0780E4F67B5
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\de\messages.json	JSON data	2FEDB89A31145063E6CEC6B698C0F662	B36844B810B392C48E31724FDDEF0F618E50B33E	544626E0FE29E51119087A6E800850A31355182F576E7F3D88189DD791865BAD
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\el\messages.json	JSON data	B1DA977AE4C69DDED1DCEEC024A45A05	0229BE951CE0142DF05EDB4D38C1583E9741C414	ED7F5FCC8B833A4BC69C46AACBAE188E096DF1C3FE8B6FE24C67EEF2CDB82322
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\en\messages.json	JSON data	5949071001EFF2C74A543B2C7F54C097	75879B877C31E93ACADFDE345CE04695CFFE5820	43B5278E365CB9CFE3DC048AF608B8F314CAC5DA96E31C726FF86368F3CBC178
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\es\messages.json	JSON data	3319CF43F8EDCC99B1FEE48FAC5135BC	6AE6BB0BF6D9D0D2AC22D3E472E048B523DF51ED	FF4C0C40459BEC079FB22F71CBCCC3F79E69393604C188BF57172BDA3C674CFF
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\et\messages.json	JSON data	90E818A5F59793F61337E8CCC5311210	352C68C493565EC58CD28A1CE3C6CF9FFB3AAE5B	191F82E759A25A39CE74C38292B01120D8464390846287B66413010B90FDA33F
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\fa\messages.json	JSON data	E86AD9EFB881D09B0C414C08BC5D01BC	E6ED94F8F58BD9FB7CE04742C53E6579DC110ED1	A17A1AE7C308D47FED7FD741B254579C86B883A6ABF61AB82E50A206A51758AF
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\fi\messages.json	JSON data	DF7900E19E620251E3956BB262FB09DC	9ED59A61343B930382D6B4FA11DBB0726FD2434E	C11D78E59F821FE15EE8688D4D08488CA503F127CA47B45686397A7C9C1E566E
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\fr\messages.json	JSON data	56D405BD4CBBC69D18BDEA5A0010EBC0	7C61776CC4AAE122C89AFD21AFB0B4512EC601A8	D9A0F312E931216EB2BB5C34F223D5F573205AB0D1501AEA4C1C4F8633952CBC
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\fy\messages.json	JSON data	6F02D547242512CA723F762B8B02FAC9	5BB24C530848DF0EE0319B15CD4A1F04B8E0942F	B2F153D4DF2DD0EA9A0D04128618F9AE899719B5FCD49DAFE5D8D11C2A58564D
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\he\messages.json	JSON data	CEA848E033F93E334A09F96CC969D0C0	9179308A68C2BCE7A82640BBD41FE4C690B7915B	91A32CBC1BE0B3DB62C4E2B1A9E5DB9DCC9B4EC52C8109FAE0BEEB7F35E2B4A6
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\hi\messages.json	JSON data	83201892E15AA861B248364E980C3FEF	2AAE06DC36CF8A390E1737EB6DF44AE111FD4F3F	41BE00B58BBC6159EA5C226FA6FCA0037F1246BBABBDFC0CC0BA2CFFCA3D9C3B
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\hr\messages.json	JSON data	DA7211ED63AC209A632E247A3A0BBD1C	B2B7EC2D5BDD7D5CA7F034CC81E1161AA08C8F04	91C8BE389ABEBF4B5EAC9EC738CD73424DE0D8EA7612F6930EB5762F55677FB4
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\hu\messages.json	JSON data	3E0A1AA101930118C3F6ADE89BCB9F99	352EF417C0D5C3065DD57E81FC76776A1BB5EE76	0FC1B5A468794620BBE155653D97BF7A537D30A1962F1455163F597813968AA4
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\id\messages.json	JSON data	48F79A5E6B5D940713C279D4FE80A924	C062403EB058E92380E34C2FD9CE7D2BCAF108C5	EDD5EF6DA925F5CA29550B565D6EC991D65393ADDB91BA11721F0CDC4E371FF5
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\it\messages.json	JSON data	FF39A10DF542FA5D8DB29E478FDEB14B	76A2229B75F5C64D9D398D839545B52C8709210D	38EF463203668A131CED247D895D8479D24F0BC2670FFD1DB5824202532CF97B
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ja\messages.json	JSON data	FDA72BCBC3BFC3D72D3622F6B98CD33E	F9199B2D3CA1E9AF75D7F01A3201A460CCDA93AD	A184FEBF5691D2AD0D35A2A59ED6E3040ED7994DE8BBCC019B4EB5018C4A4067
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ko\messages.json	JSON data	BBFBCD51CDCBFE7CDF93D13D81232A4F	240123AD33BD2CC0D5F455D6AA2F188DE60C5AB6	A4865511F0B769E1C7A7777D28268AB9F17F1C93B685F17BCFA77C7B2C8D1701
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\nl\messages.json	JSON data	9767D196CCC612EB8E78F32F67E3A7AE	F13499ADD97A1821E78B448676F79157D0F95C4A	CBD0AEAE5EA6D000498EB520795FE172BCDA4451ACE613B3602E8A6D183E8891
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\no\messages.json	JSON data	88A1C9CE4013F28F21809FD0A9B4FD74	423D35ADE437A2E0609CD722F8098F7597E38BF8	73BA191118528622B2998C7F1525F38230AC69CEF786E72D962B95EF2508D98F
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\pl\messages.json	JSON data	FF012D8AB0090447DDB3D5921EBD7E3A	93B55A91D2FAE618C7F257F0CF686E67D9255683	F440CB7C3EC8542480A5031656FB169602D44287FE780B82B12878143AF41B09
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\pt\messages.json	JSON data	C99F3EB72C3D5638806C67A9C0F84DA9	46C8B30BF4E130D063067ABF889D0EFFC60CBC6E	A30870263FA917EC21FC1D1ADE869EC0C2CF6FFA1E2AA6F916BB3F2F8F9B12A4
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\pt_BR\messages.json	JSON data	1E4DB52838BFACDE9CDCC30479F028DA	E17EE1C9B82DE29FBA27753308D419965594E470	5C33EE71CBFA25FE74014D70C547747563BB11BDDB15EC8F062D6F2CEFCF38A2
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ro\messages.json	JSON data	E264FE9A4D836C9C7CC61C595DAF5273	FF6EFC959E3DE02F03FAD65460849D678AE4AB30	D0D68DFCFD50BE449C9F81D91BD195A2A6AE22DC64512AF0670D2A8D72D8E2A7
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\ru\messages.json	JSON data	0BE4ED6D6B30DA3006D33FB0F4004830	0D14E8A86E22509AD6E31AE6F699442EA9491C83	CD4B54D3DFDE89AA03BCD45935B526C8F9F38CD109088950B54F48ECD1ADB2A3
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\sq\messages.json	JSON data	37845822ECD1F1B65B0ED319106699B4	F2206FFEAFD926EB74036A2A40979F0696AB40D8	9A7E3140F8EF73DCF623E939B32A0DCF8CB8EAC211CCBE8ECA3FCA5A185FDB5F
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\sr\messages.json	JSON data	B9263E012414BBF6EAC5CCEAC6CF1441	93E7D3F9D108E080E0421F20C319A6B8429D0950	CF04AAA3455E9168BC5C2E596519328DFD8DAFD91481770394CC4D7BA7A715C6
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\sv\messages.json	JSON data	06CAEB8E1BA45D066F594DF35201BF66	6D54FCF961DB26008EC50826FB6CB00C783BD41B	AFD7B32CA3703424CB0DF45F6B75EEB212863BFD4BC8EDE9620EB24C14799BE0
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\th\messages.json	JSON data	9A7789EA6B2A36A161F41C29E2249287	C37E56C927CC8D209641EB0BB2A7074E7BE078D8	40EB65E6A802BEE9AE87A3C3A376705BA060609B99B668FAA57F00996BD4E3C8
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\tr\messages.json	JSON data	1B1A64159B9E7753ED2840141EFD611A	204C22BA2FDA458F772FD613F42AE3E14C6E8449	D730D71A6CA0090A07FB7D6EA583ACC830F9F0BDCCFFECD4BF57AFDF26BAF623
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\uk\messages.json	JSON data	3AA7078881FF165531BD7935F0F2F8C1	1702064E920083F918F5F514B522F215185DCECD	A424BB65A794EC3EBDD4339C2C2968D30FF826462C8C692477673EE88E4942B3
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\vi\messages.json	JSON data	C760A2D5BA6DC5BBBD7001295DE673FC	BF7E878CE8E8F822D67DB0FAC433F27C25AC8300	6C8281A2B470D0639D00B821A1F3BC2F41C12DC9E913DC68C6E164768D8C1481
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\zh_CN\messages.json	JSON data	94413C0EF250365727FF521A53C40061	9A521666B35A0AF7464F5E6521584FF0A8FD08C6	2107F1DF343B151EBB2526D1F660D1F92B68E314D16F18DCA45EA080E9598013
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\_locales\zh_TW\messages.json	JSON data	F6FD13F777D90047BC1712F917BC0C00	D1F3E21191ECF1F702993323C94FC24B21186DFA	9259C48E14A20AA8448B117F97692E68780848E9725C25777324177F7845FCC2
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\DroidSansMono.woff2	Web Open Font Format (Version 2), TrueType, length 7568, version 1.0	6CB019C7369E46955B3977B7AD272B69	788CEE6C66641A98728A419A985D64743FBDB153	4FBB0D67DE39768AD27B9ACE08BC2BA0EFF7CFBB2C5BBB4C72F4209FB5D4D4CB
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\content.css	ASCII text	308485E43E73AD96D60F8CB7061F6AB3	97C8191669D64D1D877645C24E0855A7CF874623	15F8B8CAAD456E78CE3D8C739BF008C4BBEB7193A69D1BF8480AEF92ABB1F249
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\content.css.map	JSON data	8F7E653EC88B323ABD0F203CA80817C9	7636A819BEADB909FB2A9301326AC204EA9C8FB1	C9B6C41D29ACEB120B5379DBAFF6C5E5C02E6D8A333A712B1AED0EA7A19E7B14
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\import.css	Objective-C source, ASCII text	ED359F38EB2E3EB1151741E75D90A164	33F4BFAA8BF0E034DAB6051E73A42342DB3A57AB	B73274523A8146DE85A6905BB2E683445B445785B5AF55EE5784ECBC7FAAC82B
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\import.css.map	JSON data	8CC77F942EBAC942419E2E61BED51EAF	199E37443E46FBCA2C81FB20D02670BA820BF8A9	7F7EBBEC4CEB1F88DAED08715AC2B00DAF8B3A3706B166F1B2AC2854F9A94774
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\mocha.css	Unicode text, UTF-8 text	AE2D6E4EB5573750AE90EB7CDFA3F986	3BCA1C379E335BF0A46A0289DB2095C2242526FE	6B88FFF5DD13265D5B6CD175502F33521F299EEAFD44B408CB2686015B63F1F3
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\mocha.css.map	JSON data	D92B7B5001B615FF267EA719F0E4B226	1BE9AA517053FDC22276A5DE7A733E9C65F14D9D	BB29A629A73245871E8E4B4E6D28E20BCFC77F70175E31721F50C6B58D5D2BFE
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\permissions.css	ASCII text	CF59D642B1352E9EE17A8888DB2A6579	9A61AB004089BA9013B413CD1FA35F3311ABE9B2	E03B00A7C77124D4057CDBBABA92057A32A5E2FA3B9E66E733E25EEE46B000C4
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\permissions.css.map	JSON data	4C9DD632F8EBBBAA9AD4709662AEEE8F	BE749EBBED38C54875B81B70A13F41FF71DBFCFB	3F6AECF6F4D4C5E15A81B1709D5718015F8879360B447346E788D2B53D3F9779
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\popup.css	ASCII text, with very long lines (311)	D7A6252F505FC409247F5BCEFFC5BAA4	BECF52AE8CC3D607171A6628A8B46E656AA9EF41	48B9F6FF50B2050C2ECDEB15FEB308D46E0FDFFEB5CA32CD36C3807B7EA050CD
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\css\popup.css.map	JSON data	7971DFE574559A23C5AFE2F734368EBD	54576B232E621E7FCBC5BB7975D54A34106FA2BE	57F2074D1BA5E4628532DFAC9240B820E4FC758F5548165DDDD334FB8EA6F654
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\argon.js	ASCII text, with very long lines (47996)	99F4BE953FD8368FD2EC3C83374149AF	2EC7595445F1175FAAE82BFF10BCFEEF7D52B7B4	C4F15A55E8D51EA6B31105F84405510EBEAD434B45BB85CC902906F070DB5797
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\argon.js.map	JSON data	886A8B6D95CD50273A26BBE78C385EFE	33F5296B061B882D7D65CC0F809777676F972912	BD87FB0BEE1440A7AED6B224D2821E18E6028BC637974284D0BD81E6406441B9
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js	ASCII text, with very long lines (65468)	6DCE5C3CBD845994AB8CF934BD515E84	762FA25E461EA2D691683DF966C5AF869B74D37C	81EA5A78236ED1B7B81D7CF9E069584E0C87BF2E86EA2CA11A5B426E728F751F
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js.LICENSE.txt	Unicode text, UTF-8 text, with very long lines (756)	90AA4A2470CEABC6C11EBE4AA1CC2C79	2C2C4356E9905921DB67BE4B358F471261935F17	71CCCCF01420F6D64C1E2F86385F1E3A5BF8981AF5C9220CF9641637CB401CF3
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\background.js.map	ASCII text, with very long lines (65536), with no line terminators	F85E56B67AE14CF0E50F8518E3487BF7	F02A9EBFA03AAC359891EAFCCBBAB4E12BF69E8A	0DCE6E34C75A43A7FEE6671FC3A6DBA1EED7AC61DFB3A11D58BFA6CE36577C91
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\content.js	ASCII text, with very long lines (65536), with no line terminators	FCB868E98523EE058846B2F352B8841D	8E1327140F61FF3ED7B3CF8675A0D55AE5B4AF97	F2BB8193619847084C3A41D7433A18EC79D39BDA06CA22FC164289A142397FA4
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\content.js.map	JSON data	BA260789FD5DA1286DBDEEA217330B27	3E260F5238DEA3CB8E70304ABE1DFE1B6602AE98	E0D1E3C6F4A44CD91176477F956224304297EF40E2AECBAB43023E9C9E574F74
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js	ASCII text, with very long lines (65472)	65120EA1FB47785ED16CFB229CDDB69B	1EC2D2D6094D3CC3B43A6E518DD190A1CD6FE605	009C1823FA088DACEF7730E89B7A63C8E1A7A8C25E3E4E47018E14188E6878F6
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js.LICENSE.txt	Unicode text, UTF-8 text, with very long lines (756)	10D92456D9035F8E7732C9A59FD56973	C83A666335A138C05A9FCA3FC013999369403CD6	787158D513C16741A24AC5D474B069F60B6390D46A01EE6F96B2CD85760941B9
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\import.js.map	ASCII text, with very long lines (65536), with no line terminators	88623105910301F9F655D58271D9E169	2358B625406A6CF507E2C4346F64F545651EE643	814E37A21D4AEBD441AEE346805A569E86FBD23F2920986DBDF3F1A2A4AC9F4F
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js	ASCII text, with very long lines (65471)	A6D4416A12065285B00B958AD6D7BF50	6AC30F40B74381AF820BBCDBA9EAFC4E2E9B5AD6	A499BD9DBDCEC555AE8930CE81DA78B299686112623351D22D52FED7BD1853CD
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js.LICENSE.txt	ASCII text	C39023AF679079F36F8451330716C495	8B4026C1B5C5C08A23E12ECFE320EC3C7A514B36	F057B2ADDFC48CF2BC7AF9A8D11637B7C49859C3BADDBCC754D009A5BFB0F189
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\options.js.map	JSON data	67EFC7B8903036355C3E90BA7392F2F6	672EC183105F44FF0641341C77A614080475446E	4F7349FBC84FCFBF32FBA227622C4BFB6464AA637097B1CD17C703711FD6C96A
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js	ASCII text, with very long lines (65467)	2850D0B3B00770F09F73C57CE8E6145A	AE1CE399E0B2CF49B2747C31EDC3724F37886F83	941DB835B985D8451AF57746377775ABA11CFE3FE006E3322AD3B8F9402139EA
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js.LICENSE.txt	ASCII text	25B37A7B9B610529014EB9401A42AD1A	6ED040D22A0443A71D493F65B5BAC8E6097ED817	B57711D845E4884B081F1641340954D967AAB78EC264955E58D73C159E736119
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\permissions.js.map	JSON data	AB76465C3D052587342494C47480D1A8	D84C0FCF4C7A19DAB9CBE0DF3ADE98F3F5077898	DB13DAA3F1C36E964F299ADB67903E43CBA45F8BE569886647F2130ABD5A26DE
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js	ASCII text, with very long lines (65473)	435861249B5DBFF2A3041A967CD6BF5C	07745A0FEEA424642B150D181EDC28B07D3862D1	C52DF2C2751B1494EBC0490067824024494BA24961AA0BC334E94725CB08F04B
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js.LICENSE.txt	Unicode text, UTF-8 text, with very long lines (756)	77AB2A3770496D0F24028E4F791639A3	B23C0D86A7A3176B3B2C12E63BC87774EA7F1F8C	802C0CB898FDE67417CF7967B9703B3DE7396FB60F3747BEDC1DF261BD8AF43D
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\popup.js.map	ASCII text, with very long lines (65536), with no line terminators	FF9123A546AD88CCD1E0A4E676F1061D	53B2A0B285F55291845581843351576EDD363C2A	5897F6029D960A01D5E57E0E37CCC0D89F74319EB36702471783489DD75EB059
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\qrdebug.js	ASCII text, with very long lines (1119)	C049CE0AB70EE3200E490E50AE83C27C	BC93AB9C5CD40DDC427F7C4AF401FCD13FC39855	1FA868C6A2B9A7A50EF5BCB6CA7055959E400EC9336F7975F18DE0D956ADC421
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\dist\qrdebug.js.map	JSON data	69F959C2C9FB37FF8455E2FD9369EFA1	AD4A8222F2FBFB6DDD597B157EA11D8BBDF74C0C	988100394631EBA7BF6611DF91512689EEB07AA96F67CCDCDAEE8A199472DAC9
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon.svg	SVG Scalable Vector Graphics image	F74AF44C4025DB049798F06C1435D594	B08BB2032968E6B8EBA829BF24722DFAAC0622AB	D11113A888840C260C5F578CACC03CB435097C00EB8E3CA99B4852CC174B2A98
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	8B3DD1075C9406E83691FF5C224832F1	16838B53108624172A7F5CEBC3C362FA5B40A0A2	05DA3F72683D77542E0C6E7A805EE89C42F99984A992DA7F18D18689D43CED20
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	88E80962071C5E0EAFB35367AC130271	5C94058355EFB581A62789AB4B504A04BBF9E23E	61B5CCC8B6530B543B537F6A77E827306572E7ED6F0C3F850579A7739A46B8ED
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon19.png	PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced	3BDA1BBD902868EB22FFA68B605C0A3D	3C1CEB99A40AC771E187DFE84883847FC5435334	3C0EBDC376B0D072A62F0AA45964A470E0BC9B3779D5C33B823614A23D410C00
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon38.png	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	825D11F87E4BC8B2E74F9EC9D208EE6B	3F0CDDB466D0D106331910E1E4B15E43BA7DED8A	2992ABD9C952E1EA90DFDDC5CAD92D65A7ABD21F1BFC9DEBFCBD45E661CDFE60
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\icon48.png	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	1645BF0D3E405804645688F6AC7F6945	7A13CB1BEBCB10481467F8B709904F033C6FE3A6	29199E6183F36A2251A0FF7A10257CA05683EE7E2507FA37A636FDE4D92D0C1C
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\images\scan.gif	GIF image data, version 89a, 300 x 300	8A03F5A835DCB6E17111A2C112114024	53D2DE1CD631F4E5F3547659CC1B0B8BF6E73436	3F98E235D64BF80F906CEBBCA518CCB57660A734D10D40073953D2D890C92A0E
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\manifest-pwa.json	JSON data	4074D115CBDEE09C883C61A4E88776B7	F25A08D8F3F02DFC0C1CD67F6693E64629CF3D39	9C19DE79ACCF71F673EEC5F659019C57E5D5319509B26AF3F78733E46813CE3B
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\manifest.fingerprint	ASCII text, with no line terminators	A9DE6230115CBE63F5AEDFED329FCF06	C96E316C531F93820BA46E645E03F47D227B05F7	C6E6A5D532264D509DC382A88C48782696D7B07FFF847F9330199DC0948CAC13
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\manifest.json	JSON data	70A5CBAAE6110F348B27AE9731B131DE	5391EFD9020D9AFF13C8D079BAB006411F488A95	92B82EFC938D44D71F9FABDA679EEDF8A05CF262DB16CB5B8AB27DACFD69A219
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\schema.json	JSON data	A9B9002F499E977F86431B80109A0DD0	2C69E2D83062406DC5C76C25F4806B60F3099EF6	8B2DB02AAB972E6DCEAF787D93DBCC0FF034704BC5CCD944C5E4394D18551F0A
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\argon.html	HTML document, ASCII text	DE1D49C0B1B5412C8030C8B53BBA691E	F389B240E3028BA7BF29F739C39FB6CD0D5D920D	EC4FDD9FF1F4B308589C69D454648624A274E1E5A4A67C62C39B3136AEE0149E
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\import.html	HTML document, ASCII text	5D2FDCB3E1E32A34FF5E7242495B0011	43093CC0EBDC5F9C37F96D4C690EF382B2AFE392	965ABA6848C992A4B2F145117323B809ED86B2D5E04CE720742AF6F8FD7EBBC6
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\licenses.html	HTML document, ASCII text	E634229DE9A283AE6FFB4CBAC375779C	C1678EF9BCFCF8958181F7CC77699000C285DFCF	B72B66155F468E404143C972C926A0650C8497014409EEED495580698C353B09
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\options.html	HTML document, ASCII text	ACE058F5B1EAA8B3914020BA2ECF49A7	F86D4BF2A8C143536045BA9705A5407478C7B4AD	41F9C8BB504E9C330DEA4D640AB5784348788FC218A028EE6DE6B359CF5A3A7A
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\permissions.html	HTML document, ASCII text, with CRLF line terminators	6630A819D29E4650267D26A946CAEE33	6B499114BAACAD1ED26A2914972D1C9F62F0F77D	284CFEDA69C6415F37C49FF9F6C4B7CA8F5783A9D15EC0EDEB09D462D4726D8C
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\popup.html	HTML document, ASCII text	3815D70620DA980B50DAD76424075E6D	77C7F364960585BF3199899FD28E21C62B0EC7D6	3FBB9F94858E224A476B5163709258D1C7D2FC8FE018DD2CC1B70808414594DB
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\qrdebug.html	HTML document, ASCII text, with CRLF line terminators	602C1F2C8C897925EE77CE4FB2AF7B02	5DABB424DCF5C84D79237D6F23FE97C29FE8E77F	04544604912BD6E22B5D4D9A4D69C5EE3A94A829DE4F78D8596EC1E0D85CEDA7
C:\Users\user\AppData\Local\snofla\blg\02a10a9fb79f454eb9b579eb295605f6\view\test.html	HTML document, ASCII text	98E84AC15C842C3E5F08E491FA84D816	A1C61D126702A08FF18196FDB46797CB160C4922	4E386D68E053085A2149CF00315297898457B7421D1BD8DA2059D8A24C686D94

Windows Analysis Report
107.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report 107.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report
107.exe

Malware Threat Intel
Provided by