Windows Analysis Report
Kyuo21uNlG.exe

Overview

General Information

Sample name:	Kyuo21uNlG.exe renamed because original name is a hash value
Original sample name:	a499adf007df84fc58178a1fd861138c078731760bea948501259c8e83e19783.exe
Analysis ID:	1564529
MD5:	2b209f07c6251e367835fbf30e7c348e
SHA1:	cd5534d4871aeba9351941cf548b2e63f492a609
SHA256:	a499adf007df84fc58178a1fd861138c078731760bea948501259c8e83e19783
Tags:	45-141-84-168exeuser-JAMESWT_MHT
Infos:

Detection

RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected RedLine Stealer

AI detected suspicious sample

Connects to many ports of the same IP (likely port scanning)

Contains functionality to register a low level keyboard hook

Machine Learning detection for sample

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Uses known network protocols on non-standard ports

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Kyuo21uNlG.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: Kyuo21uNlG.exe

ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Kyuo21uNlG.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069ED5BC CryptUnprotectData,		0_2_069ED5BC
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EDDC0 CryptUnprotectData,		0_2_069EDDC0

Uses 32bit PE files

Source: Kyuo21uNlG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Code function: 4x nop then jmp 06A2E15Dh

0_2_06A2DB35

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49730 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49734 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49738 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49743 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49753 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49732 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49735 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49739 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49755 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49736 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49752 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49749 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49747 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49731 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49744 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49759 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49754 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49757 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49733 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49741 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49750 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49763 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49764 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49761 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49762 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49767 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49756 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49760 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49768 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49758 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49766 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49783 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49793 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49798 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49765 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49737 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49800 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49787 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49804 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49808 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49821 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49825 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49828 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49834 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49839 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49841 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49846 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49852 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49769 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49855 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49860 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49865 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49870 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49813 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49873 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49879 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49882 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49890 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49888 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49892 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49896 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49901 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49900 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49906 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49890
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49904 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49906
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49909 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49913 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49912 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49914 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49916 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49917 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49916
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49913
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49919 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49915 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49918 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49920 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49921 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49922 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49923 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49924 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49925 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49926 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49927 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49929 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49931 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49923
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49930 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49933 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49934 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49935 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49936 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49938 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49937 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49939 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49940 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49941 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49942 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49943 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49944 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49938
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49945 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49946 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49947 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49948 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49943
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49949 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49951 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49950 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49953 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49954 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49932 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49955 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49956 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49951
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49957 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49932
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49958 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49959 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49961 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49960 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49962 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49961
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49964 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49965 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49967 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49968 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49970 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49969 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49971 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49973 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49974 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49972 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49975 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49977 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49978 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49963 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49973
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49979 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49980 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49981 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49982 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49983 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49976 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49985 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49986 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49987 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49988 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49989 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49952 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49966 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49990 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49992 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49993 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49994 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49995 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49996 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49997 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49998 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49999 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:50000 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:50001 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:50002 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49984 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49991 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49928 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49928

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 45.141.84.168 ports 9000,1,4,5,6,7,15647

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50002

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 45.141.84.168:15647

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: MEDIALAND-ASRU MEDIALAND-ASRU

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49739 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49736 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49741 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49761 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49758 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49766 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49765 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49800 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49804 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49825 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49834 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49839 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49841 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49846 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49852 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49769 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49855 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49860 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49865 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49870 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49813 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49879 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49882 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49904 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49909 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49919 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49915 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49922 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49930 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49936 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49939 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49940 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49944 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49950 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49953 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49956 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49967 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49971 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49972 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49985 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49996 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49997 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49999 -> 45.141.84.168:9000

Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive

Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.141.84.168:9000
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002892000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.141.84.168:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/cLika3dt
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to register a low level keyboard hook

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Code function: 0_2_06A22260 SetWindowsHookExW 0000000D,00000000,?,?

0_2_06A22260

System Summary

Malicious sample detected (through community Yara rule)

Source: Kyuo21uNlG.exe, type: SAMPLE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen

Abnormal high CPU Usage

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Process Stats: CPU usage > 49%

Detected potential crypto function

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0C880	0_2_00B0C880
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0B01F	0_2_00B0B01F
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B01070	0_2_00B01070
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0D110	0_2_00B0D110
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B015E0	0_2_00B015E0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0BD78	0_2_00B0BD78
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0C833	0_2_00B0C833
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0C843	0_2_00B0C843
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0A908	0_2_00B0A908
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0B09E	0_2_00B0B09E
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0D0F3	0_2_00B0D0F3
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B01060	0_2_00B01060
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B015C3	0_2_00B015C3
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0BD45	0_2_00B0BD45
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0544E95F	0_2_0544E95F
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0544F9E8	0_2_0544F9E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_054411B8	0_2_054411B8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_05444CC0	0_2_05444CC0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06875EC0	0_2_06875EC0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06876E40	0_2_06876E40
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06878270	0_2_06878270
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06877780	0_2_06877780
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06870FA0	0_2_06870FA0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_068763E8	0_2_068763E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06874838	0_2_06874838
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687E440	0_2_0687E440
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687A870	0_2_0687A870
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06875590	0_2_06875590
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_068795F0	0_2_068795F0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687E95E	0_2_0687E95E
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06875EAF	0_2_06875EAF
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06870F90	0_2_06870F90
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_068763CE	0_2_068763CE
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06871315	0_2_06871315
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06870007	0_2_06870007
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06874829	0_2_06874829
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06870040	0_2_06870040
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687A860	0_2_0687A860
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06879D80	0_2_06879D80
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06879D89	0_2_06879D89
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_068795E0	0_2_068795E0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687351C	0_2_0687351C
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06873538	0_2_06873538
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687557F	0_2_0687557F
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06879D7E	0_2_06879D7E
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E9E90	0_2_069E9E90
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EE8E7	0_2_069EE8E7
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E1C08	0_2_069E1C08
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E7050	0_2_069E7050
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E0040	0_2_069E0040
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E11F7	0_2_069E11F7
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E9E80	0_2_069E9E80
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E5A08	0_2_069E5A08
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E0FD0	0_2_069E0FD0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E2B60	0_2_069E2B60
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EC8DB	0_2_069EC8DB
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EE0D0	0_2_069EE0D0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EBCE5	0_2_069EBCE5
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E2838	0_2_069E2838
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EBD00	0_2_069EBD00
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A27E80	0_2_06A27E80
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A26798	0_2_06A26798
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A25468	0_2_06A25468
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2BA70	0_2_06A2BA70
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A273F8	0_2_06A273F8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A230B0	0_2_06A230B0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A20828	0_2_06A20828
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A20040	0_2_06A20040
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2E9EA	0_2_06A2E9EA
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A239E8	0_2_06A239E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2CC28	0_2_06A2CC28
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2CC38	0_2_06A2CC38
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2DA99	0_2_06A2DA99
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A273E8	0_2_06A273E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A28B5A	0_2_06A28B5A
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A22880	0_2_06A22880
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2309F	0_2_06A2309F
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A250E8	0_2_06A250E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A250D7	0_2_06A250D7
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A20007	0_2_06A20007
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2081A	0_2_06A2081A
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A239D8	0_2_06A239D8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071A7360	0_2_071A7360
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071AE470	0_2_071AE470
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071AE480	0_2_071AE480
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071A58B0	0_2_071A58B0

Sample file is different than original file name gathered from version info

Source: Kyuo21uNlG.exe, 00000000.00000002.4131587435.0000000006DE9000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Kyuo21uNlG.exe
Source: Kyuo21uNlG.exe, 00000000.00000002.4124968111.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Kyuo21uNlG.exe
Source: Kyuo21uNlG.exe, 00000000.00000000.1673629570.0000000000422000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamebluefin.exe" vs Kyuo21uNlG.exe
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs Kyuo21uNlG.exe
Source: Kyuo21uNlG.exe	Binary or memory string: OriginalFilenamebluefin.exe" vs Kyuo21uNlG.exe

Uses 32bit PE files

Source: Kyuo21uNlG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: Kyuo21uNlG.exe, type: SAMPLE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/13@0/1

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Mutant created: \Sessions\1\BaseNamedObjects\a381c7bea27345e09604787bfabaa590

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

File created: C:\Users\user\AppData\Local\Temp\tmp6B02.tmp

Jump to behavior

Source: Kyuo21uNlG.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Kyuo21uNlG.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Kyuo21uNlG.exe

ReversingLabs: Detection: 68%

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: Kyuo21uNlG.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0EC5D push eax; iretd	0_2_00B0EC5E
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E7A34 push esp; retf	0_2_069E7A35
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E8552 push esp; ret	0_2_069E8559
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071AC5DD push dword ptr [ecx+ecx-75h]; iretd	0_2_071AC5E3
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071A0880 push es; ret	0_2_071A0890

Source: Kyuo21uNlG.exe

Static PE information: section name: .text entropy: 6.816467095523557

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50002

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Memory allocated: B00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Memory allocated: 27F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Memory allocated: 47F0000 memory reserve \| memory write watch	Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 600000			Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Window / User API: threadDelayed 2695			Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Window / User API: threadDelayed 6981			Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59782s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -42901s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59563s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -36807s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -56014s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -58548s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59014s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -52909s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -58907s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -58793s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -39089s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -58684s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -34074s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -40730s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -40495s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -51757s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -41174s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -42683s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -54993s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -31133s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -35473s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -45433s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -34951s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -45781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -50458s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -57833s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7468	Thread sleep time: -420000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -31297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -52741s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -47750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -37200s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -55234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7460	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -34005s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -57039s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -51041s >= -30000s	Jump to behavior

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59891	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59782	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59672	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 42901	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59563	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59453	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59344	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 36807	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59235	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 56014	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59125	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 58548	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59014	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 52909	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 58907	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 58793	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 39089	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 58684	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 34074	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 40730	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 40495	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 51757	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 41174	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 42683	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 54993	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 31133	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 35473	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 45433	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 34951	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 45781	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 50458	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 57833	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 31297	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 52741	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 47750	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 37200	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 55234	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 34005	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 57039	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 51041	Jump to behavior

Source: Kyuo21uNlG.exe, 00000000.00000002.4124968111.0000000000C02000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Code function: 0_2_068729B8 LdrInitializeThunk,

0_2_068729B8

Enables debug privileges

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Memory allocated: page read and write | page guard

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Users\user\Desktop\Kyuo21uNlG.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

AV process strings found (often used to terminate AV products)

Source: Kyuo21uNlG.exe, 00000000.00000002.4130405457.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: Kyuo21uNlG.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1673629570.0000000000422000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Kyuo21uNlG.exe PID: 7340, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Yara detected Credential Stealer

Source: Yara match	File source: Kyuo21uNlG.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1673629570.0000000000422000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Kyuo21uNlG.exe PID: 7340, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: Kyuo21uNlG.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1673629570.0000000000422000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Kyuo21uNlG.exe PID: 7340, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.141.84.168	unknown	Russian Federation		206728	MEDIALAND-ASRU	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://45.141.84.168:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08	true	Avira URL Cloud: safe	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Kyuo21uNlG.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: Kyuo21uNlG.exe

ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Kyuo21uNlG.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069ED5BC CryptUnprotectData,		0_2_069ED5BC
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EDDC0 CryptUnprotectData,		0_2_069EDDC0

Uses 32bit PE files

Source: Kyuo21uNlG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Code function: 4x nop then jmp 06A2E15Dh

0_2_06A2DB35

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49730 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49734 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49738 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49743 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49753 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49732 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49735 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49739 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49755 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49736 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49752 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49749 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49747 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49731 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49744 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49759 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49754 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49757 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49733 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49741 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49750 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49763 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49764 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49761 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49762 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49767 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49756 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49760 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49768 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49758 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49766 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49783 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49793 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49798 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49765 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49737 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49800 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49787 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49804 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49808 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49821 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49825 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49828 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49834 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49839 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49841 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49846 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49852 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49769 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49855 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49860 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49865 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49870 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49813 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49873 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49879 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49882 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49890 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49888 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49892 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49896 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49901 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49900 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49906 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49890
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49904 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49906
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49909 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49913 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49912 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49914 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49916 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49917 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49916
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49913
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49919 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49915 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49918 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49920 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49921 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49922 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49923 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49924 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49925 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49926 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49927 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49929 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49931 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49923
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49930 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49933 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49934 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49935 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49936 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49938 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49937 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49939 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49940 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49941 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49942 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49943 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49944 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49938
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49945 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49946 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49947 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49948 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49943
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49949 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49951 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49950 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49953 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49954 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49932 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49955 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49956 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49951
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49957 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49932
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49958 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49959 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49961 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49960 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49962 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49961
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49964 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49965 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49967 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49968 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49970 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49969 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49971 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49973 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49974 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49972 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49975 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49977 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49978 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49963 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49973
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49979 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49980 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49981 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49982 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49983 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49976 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49985 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49986 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49987 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49988 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49989 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49952 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49966 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49990 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49992 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49993 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49994 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49995 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49996 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49997 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49998 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49999 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:50000 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:50001 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:50002 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49984 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2052248 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET) : 192.168.2.4:49991 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2051910 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity : 192.168.2.4:49928 -> 45.141.84.168:15647
Source: Network traffic	Suricata IDS: 2029217 - Severity 1 - ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init : 45.141.84.168:15647 -> 192.168.2.4:49928

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 45.141.84.168 ports 9000,1,4,5,6,7,15647

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50002

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 45.141.84.168:15647

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: MEDIALAND-ASRU MEDIALAND-ASRU

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49739 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49736 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49741 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49761 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49758 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49766 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49765 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49800 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49804 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49825 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49834 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49839 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49841 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49846 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49852 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49769 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49855 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49860 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49865 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49870 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49813 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49879 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49882 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49904 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49909 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49919 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49915 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49922 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49930 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49936 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49939 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49940 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49944 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49950 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49953 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49956 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49967 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49971 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49972 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49985 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49996 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49997 -> 45.141.84.168:9000
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49999 -> 45.141.84.168:9000

Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168
Source: unknown	TCP traffic detected without corresponding DNS query: 45.141.84.168

Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wbinjget?q=8587D7BC4236146899B093C1B42EFE08 HTTP/1.1Host: 45.141.84.168:9000Connection: Keep-Alive

Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.141.84.168:9000
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002892000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.141.84.168:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/cLika3dt
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A06000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A6A000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, Kyuo21uNlG.exe, 00000000.00000002.4125805350.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to register a low level keyboard hook

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Code function: 0_2_06A22260 SetWindowsHookExW 0000000D,00000000,?,?

0_2_06A22260

System Summary

Malicious sample detected (through community Yara rule)

Source: Kyuo21uNlG.exe, type: SAMPLE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen

Abnormal high CPU Usage

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Process Stats: CPU usage > 49%

Detected potential crypto function

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0C880	0_2_00B0C880
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0B01F	0_2_00B0B01F
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B01070	0_2_00B01070
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0D110	0_2_00B0D110
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B015E0	0_2_00B015E0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0BD78	0_2_00B0BD78
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0C833	0_2_00B0C833
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0C843	0_2_00B0C843
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0A908	0_2_00B0A908
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0B09E	0_2_00B0B09E
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0D0F3	0_2_00B0D0F3
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B01060	0_2_00B01060
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B015C3	0_2_00B015C3
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0BD45	0_2_00B0BD45
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0544E95F	0_2_0544E95F
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0544F9E8	0_2_0544F9E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_054411B8	0_2_054411B8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_05444CC0	0_2_05444CC0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06875EC0	0_2_06875EC0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06876E40	0_2_06876E40
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06878270	0_2_06878270
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06877780	0_2_06877780
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06870FA0	0_2_06870FA0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_068763E8	0_2_068763E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06874838	0_2_06874838
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687E440	0_2_0687E440
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687A870	0_2_0687A870
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06875590	0_2_06875590
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_068795F0	0_2_068795F0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687E95E	0_2_0687E95E
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06875EAF	0_2_06875EAF
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06870F90	0_2_06870F90
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_068763CE	0_2_068763CE
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06871315	0_2_06871315
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06870007	0_2_06870007
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06874829	0_2_06874829
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06870040	0_2_06870040
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687A860	0_2_0687A860
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06879D80	0_2_06879D80
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06879D89	0_2_06879D89
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_068795E0	0_2_068795E0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687351C	0_2_0687351C
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06873538	0_2_06873538
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_0687557F	0_2_0687557F
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06879D7E	0_2_06879D7E
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E9E90	0_2_069E9E90
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EE8E7	0_2_069EE8E7
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E1C08	0_2_069E1C08
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E7050	0_2_069E7050
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E0040	0_2_069E0040
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E11F7	0_2_069E11F7
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E9E80	0_2_069E9E80
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E5A08	0_2_069E5A08
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E0FD0	0_2_069E0FD0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E2B60	0_2_069E2B60
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EC8DB	0_2_069EC8DB
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EE0D0	0_2_069EE0D0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EBCE5	0_2_069EBCE5
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E2838	0_2_069E2838
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069EBD00	0_2_069EBD00
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A27E80	0_2_06A27E80
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A26798	0_2_06A26798
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A25468	0_2_06A25468
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2BA70	0_2_06A2BA70
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A273F8	0_2_06A273F8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A230B0	0_2_06A230B0
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A20828	0_2_06A20828
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A20040	0_2_06A20040
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2E9EA	0_2_06A2E9EA
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A239E8	0_2_06A239E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2CC28	0_2_06A2CC28
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2CC38	0_2_06A2CC38
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2DA99	0_2_06A2DA99
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A273E8	0_2_06A273E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A28B5A	0_2_06A28B5A
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A22880	0_2_06A22880
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2309F	0_2_06A2309F
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A250E8	0_2_06A250E8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A250D7	0_2_06A250D7
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A20007	0_2_06A20007
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A2081A	0_2_06A2081A
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_06A239D8	0_2_06A239D8
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071A7360	0_2_071A7360
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071AE470	0_2_071AE470
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071AE480	0_2_071AE480
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071A58B0	0_2_071A58B0

Sample file is different than original file name gathered from version info

Source: Kyuo21uNlG.exe, 00000000.00000002.4131587435.0000000006DE9000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Kyuo21uNlG.exe
Source: Kyuo21uNlG.exe, 00000000.00000002.4124968111.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Kyuo21uNlG.exe
Source: Kyuo21uNlG.exe, 00000000.00000000.1673629570.0000000000422000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamebluefin.exe" vs Kyuo21uNlG.exe
Source: Kyuo21uNlG.exe, 00000000.00000002.4125805350.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs Kyuo21uNlG.exe
Source: Kyuo21uNlG.exe	Binary or memory string: OriginalFilenamebluefin.exe" vs Kyuo21uNlG.exe

Uses 32bit PE files

Source: Kyuo21uNlG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: Kyuo21uNlG.exe, type: SAMPLE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/13@0/1

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Mutant created: \Sessions\1\BaseNamedObjects\a381c7bea27345e09604787bfabaa590

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

File created: C:\Users\user\AppData\Local\Temp\tmp6B02.tmp

Jump to behavior

Source: Kyuo21uNlG.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Kyuo21uNlG.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Kyuo21uNlG.exe

ReversingLabs: Detection: 68%

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: Kyuo21uNlG.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_00B0EC5D push eax; iretd	0_2_00B0EC5E
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E7A34 push esp; retf	0_2_069E7A35
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_069E8552 push esp; ret	0_2_069E8559
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071AC5DD push dword ptr [ecx+ecx-75h]; iretd	0_2_071AC5E3
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Code function: 0_2_071A0880 push es; ret	0_2_071A0890

Source: Kyuo21uNlG.exe

Static PE information: section name: .text entropy: 6.816467095523557

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 50002

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Memory allocated: B00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Memory allocated: 27F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Memory allocated: 47F0000 memory reserve \| memory write watch	Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 600000			Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Window / User API: threadDelayed 2695			Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Window / User API: threadDelayed 6981			Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59782s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -42901s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59563s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -36807s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -56014s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -58548s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -59014s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -52909s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -58907s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -58793s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -39089s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7364	Thread sleep time: -58684s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -34074s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -40730s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -40495s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -51757s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -41174s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -42683s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -54993s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -31133s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -35473s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -45433s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -34951s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -45781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -50458s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -57833s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7468	Thread sleep time: -420000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -31297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -52741s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -47750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -37200s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -55234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7460	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -34005s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -57039s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe TID: 7344	Thread sleep time: -51041s >= -30000s	Jump to behavior

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59891	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59782	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59672	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 42901	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59563	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59453	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59344	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 36807	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59235	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 56014	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59125	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 58548	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 59014	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 52909	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 58907	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 58793	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 39089	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 58684	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 34074	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 40730	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 40495	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 51757	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 41174	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 42683	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 54993	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 31133	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 35473	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 45433	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 34951	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 45781	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 50458	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 57833	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 31297	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 52741	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 47750	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 37200	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 55234	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 34005	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 57039	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Thread delayed: delay time: 51041	Jump to behavior

Source: Kyuo21uNlG.exe, 00000000.00000002.4124968111.0000000000C02000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Code function: 0_2_068729B8 LdrInitializeThunk,

0_2_068729B8

Enables debug privileges

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Memory allocated: page read and write | page guard

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Users\user\Desktop\Kyuo21uNlG.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

AV process strings found (often used to terminate AV products)

Source: Kyuo21uNlG.exe, 00000000.00000002.4130405457.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: Kyuo21uNlG.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1673629570.0000000000422000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Kyuo21uNlG.exe PID: 7340, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Kyuo21uNlG.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Yara detected Credential Stealer

Source: Yara match	File source: Kyuo21uNlG.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1673629570.0000000000422000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Kyuo21uNlG.exe PID: 7340, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: Kyuo21uNlG.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Kyuo21uNlG.exe.420000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1673629570.0000000000422000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Kyuo21uNlG.exe PID: 7340, type: MEMORYSTR

ID:	1564529
Product:	CloudBasic
Start time:	13:38:10
Start date:	28.11.2024
Sample:	Kyuo21uNlG.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	2b209f07c6251e367835fbf30e7c348e
SHA1:	cd5534d4871aeba9351941cf548b2e63f492a609
SHA256:	a499adf007df84fc58178a1fd861138c078731760bea948501259c8e83e19783
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\tmp1DFD.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmp3E61.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmp4338.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmp44D3.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmp5350.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmp6B02.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmp797A.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmp919.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmpC141.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmpE99F.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmpEA59.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmpEAB.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
C:\Users\user\AppData\Local\Temp\tmpF4BA.tmp	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	41EA9A4112F057AE6BA17E2838AEAC26	F2B389103BFD1A1A050C4857A995B09FEAFE8903	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB

Windows Analysis Report
Kyuo21uNlG.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report Kyuo21uNlG.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report
Kyuo21uNlG.exe

Malware Threat Intel
Provided by