Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
6kK89mR2aq.exe

Overview

General Information

Sample name:6kK89mR2aq.exe
renamed because original name is a hash value
Original sample name:a5e9ab2933afc9101a7820d86782f4c53e7acf184b826fd6f2a00d2b783a8bdd.exe
Analysis ID:1590649
MD5:e84b8e2e0d95efe78553161d97a7ef11
SHA1:62f3f1d1abd3fc522dc0fbb757ea79de60afbf4a
SHA256:a5e9ab2933afc9101a7820d86782f4c53e7acf184b826fd6f2a00d2b783a8bdd
Tags:bot7135076584exeuser-JAMESWT_MHT
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

  • System is w10x64
  • 6kK89mR2aq.exe (PID: 7608 cmdline: "C:\Users\user\Desktop\6kK89mR2aq.exe" MD5: E84B8E2E0D95EFE78553161D97A7EF11)
    • chrome.exe (PID: 7720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1532 --field-trial-handle=1480,i,10141797464930735019,2123259764486349599,262144 --disable-features=PaintHolding /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • msedge.exe (PID: 7292 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9414 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7352 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1508 --field-trial-handle=1460,i,2016451024205536265,1915293068079400894,262144 --disable-features=PaintHolding /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\netstandard.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\6kK89mR2aq.exe", ParentImage: C:\Users\user\Desktop\6kK89mR2aq.exe, ParentProcessId: 7608, ParentProcessName: 6kK89mR2aq.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, ProcessId: 7720, ProcessName: chrome.exe
        Sigma detected: Browser Execution In Headless Mode
        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\6kK89mR2aq.exe", ParentImage: C:\Users\user\Desktop\6kK89mR2aq.exe, ParentProcessId: 7608, ParentProcessName: 6kK89mR2aq.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, ProcessId: 7720, ProcessName: chrome.exe
        Sigma detected: Browser Started with Remote Debugging
        Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\6kK89mR2aq.exe", ParentImage: C:\Users\user\Desktop\6kK89mR2aq.exe, ParentProcessId: 7608, ParentProcessName: 6kK89mR2aq.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000, ProcessId: 7720, ProcessName: chrome.exe

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-01-14T12:47:02.642594+010028033053Unknown Traffic192.168.2.449754172.67.74.152443TCP
        2025-01-14T12:47:03.257020+010028033053Unknown Traffic192.168.2.449760172.67.74.152443TCP
        2025-01-14T12:47:03.804357+010028033053Unknown Traffic192.168.2.449762208.95.112.180TCP
        2025-01-14T12:47:04.452828+010028033053Unknown Traffic192.168.2.449768172.67.74.152443TCP
        2025-01-14T12:47:05.065334+010028033053Unknown Traffic192.168.2.449774172.67.74.152443TCP
        2025-01-14T12:47:05.226217+010028033053Unknown Traffic192.168.2.449762208.95.112.180TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: 6kK89mR2aq.exeVirustotal: Detection: 38%Perma Link
        Source: 6kK89mR2aq.exeReversingLabs: Detection: 44%
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.0% probability
        Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49754 version: TLS 1.2
        Source: 6kK89mR2aq.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256{2 source: System.Xml.XmlSerializer.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdb source: System.Threading.Thread.dll.0.dr
        Source: Binary string: System.Net.Sockets.ni.pdb source: System.Net.Sockets.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdbSHA256 source: System.Security.Cryptography.Csp.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: System.Security.Cryptography.ProtectedData.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.0.dr
        Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb@@@GCTL source: sni.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Metadata\Release\net8.0\System.Reflection.Metadata.pdb source: System.Reflection.Metadata.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdb source: System.Reflection.Emit.Lightweight.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdb source: System.Security.Cryptography.Csp.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdbSHA256 source: System.Diagnostics.Contracts.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdbSHA256P?> source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography\Release\net8.0-windows\System.Security.Cryptography.pdb source: System.Security.Cryptography.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Immutable\Release\net8.0\System.Collections.Immutable.pdb source: System.Collections.Immutable.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: System.Runtime.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\Release\net8.0\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdbSHA256 source: System.Xml.XDocument.dll.0.dr
        Source: Binary string: System.Net.Security.ni.pdb source: System.Net.Security.dll.0.dr
        Source: Binary string: System.ObjectModel.ni.pdb source: System.ObjectModel.dll.0.dr
        Source: Binary string: System.IO.MemoryMappedFiles.ni.pdb source: System.IO.MemoryMappedFiles.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Formatters\Release\net8.0\System.Runtime.Serialization.Formatters.pdbSHA256 source: System.Runtime.Serialization.Formatters.dll.0.dr
        Source: Binary string: System.Private.Xml.Linq.ni.pdb source: System.Private.Xml.Linq.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\Release\net8.0\System.Runtime.CompilerServices.VisualC.pdbSHA256= source: System.Runtime.CompilerServices.VisualC.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Principal/Release/net8.0-windows/System.Security.Principal.pdbSHA256 source: System.Security.Principal.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Principal/Release/net8.0-windows/System.Security.Principal.pdb source: System.Security.Principal.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Numerics.Vectors\Release\net8.0\System.Numerics.Vectors.pdbSHA256 source: System.Numerics.Vectors.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdb source: System.CodeDom.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Http\Release\net8.0-windows\System.Net.Http.pdbSHA256 source: System.Net.Http.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdb source: System.Runtime.Loader.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdb source: System.Security.SecureString.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Uri\Release\net8.0\System.Private.Uri.pdb source: System.Private.Uri.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdbSHA256<q source: System.Net.WebProxy.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Primitives\Release\net8.0-windows\System.Net.Primitives.pdb source: System.Net.Primitives.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite.Linq\obj\Release\netstandard2.1\System.Data.SQLite.EF6.pdbSHA256 source: System.Data.SQLite.EF6.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Dynamic.Runtime/Release/net8.0-windows/System.Dynamic.Runtime.pdb source: System.Dynamic.Runtime.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdbSHA256<t source: System.Numerics.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdb source: System.Drawing.Common.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.CompilerServices.Unsafe/Release/net8.0-windows/System.Runtime.CompilerServices.Unsafe.pdb source: System.Runtime.CompilerServices.Unsafe.dll.0.dr
        Source: Binary string: System.Runtime.Serialization.Primitives.ni.pdb source: System.Runtime.Serialization.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdb source: System.Reflection.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading\Release\net8.0\System.Threading.pdb source: System.Threading.dll.0.dr
        Source: Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.0.dr
        Source: Binary string: System.Net.Mail.ni.pdb source: System.Net.Mail.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdbSHA256 source: System.Diagnostics.Tools.dll.0.dr
        Source: Binary string: System.Text.RegularExpressions.ni.pdb source: System.Text.RegularExpressions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdbSHA2563 source: System.IO.FileSystem.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdb source: Microsoft.Win32.SystemEvents.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdbSHA256 source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Parallel\Release\net8.0\System.Linq.Parallel.pdb source: System.Linq.Parallel.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Windows.Extensions/netcoreapp3.0-Windows_NT-Release/System.Windows.Extensions.pdb source: System.Windows.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Primitives\Release\net8.0\System.Runtime.Serialization.Primitives.pdbSHA256 source: System.Runtime.Serialization.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TextWriterTraceListener\Release\net8.0\System.Diagnostics.TextWriterTraceListener.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.SqlClient/netcoreapp2.1-Windows_NT-Release/System.Data.SqlClient.pdbSHA256m source: System.Data.SqlClient.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdb source: System.IO.UnmanagedMemoryStream.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdbSHA256v source: System.Buffers.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.ServicePoint\Release\net8.0\System.Net.ServicePoint.pdbSHA256 source: System.Net.ServicePoint.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Extensions/Release/net8.0-windows/System.Runtime.Extensions.pdbSHA256v source: System.Runtime.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdb source: System.Runtime.Serialization.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdbSHA256 source: System.Reflection.Emit.Lightweight.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.JavaScript/Release/net8.0/System.Runtime.InteropServices.JavaScript.pdbSHA256, source: System.Runtime.InteropServices.JavaScript.dll.0.dr
        Source: Binary string: System.Threading.ni.pdb source: System.Threading.dll.0.dr
        Source: Binary string: System.Threading.Tasks.Parallel.ni.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Net/Release/net8.0-windows/System.Net.pdb source: System.Net.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net8.0-windows/System.ServiceProcess.ServiceController.pdbSHA256] source: System.ServiceProcess.ServiceController.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdb source: System.Net.Requests.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: System.Runtime.InteropServices.dll.0.dr
        Source: Binary string: System.Net.ServicePoint.ni.pdb source: System.Net.ServicePoint.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdbSHA256a{ source: System.IO.Compression.FileSystem.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdb source: System.ValueTuple.dll.0.dr
        Source: Binary string: System.Net.NetworkInformation.ni.pdb source: System.Net.NetworkInformation.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdbSHA256 source: System.Xml.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdb source: System.Net.Mail.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Extensions/Release/net8.0-windows/System.Runtime.Extensions.pdb source: System.Runtime.Extensions.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite.Linq\obj\Release\netstandard2.1\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.0.dr
        Source: Binary string: System.Net.WebProxy.ni.pdb source: System.Net.WebProxy.dll.0.dr
        Source: Binary string: System.Linq.Parallel.ni.pdb source: System.Linq.Parallel.dll.0.dr
        Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: System.ComponentModel.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO/Release/net8.0-windows/System.IO.pdb source: System.IO.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NetworkInformation\Release\net8.0-windows\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Resources.ResourceManager/Release/net8.0-windows/System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll.0.dr
        Source: Binary string: System.Runtime.Serialization.Formatters.ni.pdb source: System.Runtime.Serialization.Formatters.dll.0.dr
        Source: Binary string: Microsoft.VisualBasic.Core.ni.pdb source: Microsoft.VisualBasic.Core.dll.0.dr
        Source: Binary string: System.IO.Compression.ZipFile.ni.pdb source: System.IO.Compression.ZipFile.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdb source: System.Configuration.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdbSHA256 source: System.Net.Security.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdbSHA256 source: System.IO.Pipes.AccessControl.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdbSHA256 source: System.Data.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdbSHA256sO source: System.Net.Requests.dll.0.dr
        Source: Binary string: System.Linq.Expressions.ni.pdb source: System.Linq.Expressions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdb source: System.Threading.Overlapped.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdb source: Microsoft.Win32.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net8.0-windows/System.Diagnostics.EventLog.pdb source: System.Diagnostics.EventLog.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdb source: System.Net.Security.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Windows.Extensions/netcoreapp3.0-Windows_NT-Release/System.Windows.Extensions.pdbSHA256 source: System.Windows.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdbSHA256 source: System.Linq.Expressions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdb source: System.Net.WebProxy.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdb source: System.IO.MemoryMappedFiles.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Transactions/Release/net8.0-windows/System.Transactions.pdb source: System.Transactions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets.Client\Release\net8.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.0.dr
        Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdbSHA256s source: EntityFramework.SqlServer.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.Brotli\Release\net8.0-windows\System.IO.Compression.Brotli.pdb source: System.IO.Compression.Brotli.dll.0.dr
        Source: Binary string: System.Runtime.InteropServices.ni.pdb source: System.Runtime.InteropServices.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.JavaScript/Release/net8.0/System.Runtime.InteropServices.JavaScript.pdb source: System.Runtime.InteropServices.JavaScript.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdb source: System.Security.Cryptography.Encoding.dll.0.dr
        Source: Binary string: System.Net.WebSockets.ni.pdb source: System.Net.WebSockets.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.Watcher\Release\net8.0-windows\System.IO.FileSystem.Watcher.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdbSHA256 source: System.Private.Xml.Linq.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem/Release/net8.0-windows/System.IO.FileSystem.pdb source: System.IO.FileSystem.dll.0.dr
        Source: Binary string: System.Console.ni.pdb source: System.Console.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Sockets\Release\net8.0-windows\System.Net.Sockets.pdb source: System.Net.Sockets.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Dynamic.Runtime/Release/net8.0-windows/System.Dynamic.Runtime.pdbSHA256 source: System.Dynamic.Runtime.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Intrinsics\Release\net8.0\System.Runtime.Intrinsics.pdb source: System.Runtime.Intrinsics.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.SqlClient/netcoreapp2.1-Windows_NT-Release/System.Data.SqlClient.pdb source: System.Data.SqlClient.dll.0.dr
        Source: Binary string: System.Net.Http.ni.pdb source: System.Net.Http.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdbSHA256 source: System.Reflection.Primitives.dll.0.dr
        Source: Binary string: System.IO.FileSystem.AccessControl.ni.pdb source: System.IO.FileSystem.AccessControl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: System.Runtime.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdb source: System.Private.Xml.Linq.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Net/Release/net8.0-windows/System.Net.pdbSHA256 source: System.Net.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization.Extensions/Release/net8.0-windows/System.Globalization.Extensions.pdbSHA256{= source: System.Globalization.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Resources.ResourceManager/Release/net8.0-windows/System.Resources.ResourceManager.pdbSHA256: source: System.Resources.ResourceManager.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdb source: System.Security.Permissions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdbSHA256 source: System.IO.UnmanagedMemoryStream.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.ServicePoint\Release\net8.0\System.Net.ServicePoint.pdb source: System.Net.ServicePoint.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.RegularExpressions\Release\net8.0\System.Text.RegularExpressions.pdb source: System.Text.RegularExpressions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Transactions/Release/net8.0-windows/System.Transactions.pdbSHA256 source: System.Transactions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.CompilerServices.Unsafe/Release/net8.0-windows/System.Runtime.CompilerServices.Unsafe.pdbSHA256 source: System.Runtime.CompilerServices.Unsafe.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdbSHA256I source: System.Xml.ReaderWriter.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdbSHA256~\{^ source: System.Diagnostics.Tracing.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdb source: System.IO.Pipes.AccessControl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.0.dr
        Source: Binary string: Microsoft.Win32.Registry.ni.pdb source: Microsoft.Win32.Registry.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\Release\net8.0\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdb source: mscorlib.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdbSHA2568^ source: System.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Intrinsics\Release\net8.0\System.Runtime.Intrinsics.pdbSHA256 source: System.Runtime.Intrinsics.dll.0.dr
        Source: Binary string: System.Runtime.InteropServices.JavaScript.ni.pdb source: System.Runtime.InteropServices.JavaScript.dll.0.dr
        Source: Binary string: System.Reflection.Metadata.ni.pdb source: System.Reflection.Metadata.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdb source: System.IO.Compression.FileSystem.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdbSHA256t source: System.Threading.Overlapped.dll.0.dr
        Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdb source: EntityFramework.SqlServer.dll.0.dr
        Source: Binary string: System.IO.Compression.Brotli.ni.pdb source: System.IO.Compression.Brotli.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdbSHA256> source: System.Reflection.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NameResolution\Release\net8.0-windows\System.Net.NameResolution.pdb source: System.Net.NameResolution.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdbSHA256 source: System.Security.Cryptography.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: System.Xml.XmlDocument.dll.0.dr
        Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdb source: System.Diagnostics.Tracing.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: System.Security.Cryptography.ProtectedData.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdbSHA256[ source: System.ValueTuple.dll.0.dr
        Source: Binary string: System.Diagnostics.TextWriterTraceListener.ni.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdb source: System.Diagnostics.Tools.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdbSHA256r source: System.Reflection.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdb source: System.Threading.Tasks.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdbSHA256) source: mscorlib.dll.0.dr
        Source: Binary string: System.Net.WebSockets.Client.ni.pdb source: System.Net.WebSockets.Client.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdb source: System.Xml.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdb source: System.Xml.ReaderWriter.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdbSHA256 source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdb source: System.Reflection.Emit.ILGeneration.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdbSHA256 source: System.Threading.Tasks.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdbSHA256 source: System.CodeDom.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.AccessControl\Release\net8.0-windows\System.IO.FileSystem.AccessControl.pdb source: System.IO.FileSystem.AccessControl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets\Release\net8.0-windows\System.Net.WebSockets.pdb source: System.Net.WebSockets.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization.Extensions/Release/net8.0-windows/System.Globalization.Extensions.pdb source: System.Globalization.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdbSHA256 source: System.Threading.Thread.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebClient\Release\net8.0\System.Net.WebClient.pdb source: System.Net.WebClient.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdb source: System.Data.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ObjectModel\Release\net8.0\System.ObjectModel.pdb source: System.ObjectModel.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TraceSource\Release\net8.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdbSHA256 source: System.Globalization.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256X source: System.Data.DataSetExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdb source: netstandard.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdb source: System.dll.0.dr
        Source: Binary string: System.Collections.Immutable.ni.pdb source: System.Collections.Immutable.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO/Release/net8.0-windows/System.IO.pdbSHA256 source: System.IO.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdbSHA2562R4c source: System.IO.MemoryMappedFiles.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Formatters\Release\net8.0\System.Runtime.Serialization.Formatters.pdb source: System.Runtime.Serialization.Formatters.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdbSHA256i source: System.Runtime.Loader.dll.0.dr
        Source: Binary string: System.Net.NameResolution.ni.pdb source: System.Net.NameResolution.dll.0.dr
        Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdbSHA256%# source: netstandard.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdb source: System.Reflection.dll.0.dr
        Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Numerics.Vectors\Release\net8.0\System.Numerics.Vectors.pdb source: System.Numerics.Vectors.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdb source: System.Linq.Expressions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdb source: System.Numerics.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdbSHA256 source: System.AppContext.dll.0.dr
        Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb source: sni.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdbSHA256 source: System.Security.Cryptography.Algorithms.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: System.Text.Encodings.Web.ni.pdb source: System.Text.Encodings.Web.dll.0.dr
        Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.0.dr
        Source: Binary string: System.Net.WebClient.ni.pdb source: System.Net.WebClient.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: System.IO.Compression.dll.0.dr
        Source: Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.AccessControl\Release\net8.0-windows\System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.0.dr
        Source: Binary string: System.Private.Uri.ni.pdb source: System.Private.Uri.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem/Release/net8.0-windows/System.IO.FileSystem.pdbSHA256 source: System.IO.FileSystem.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdb source: System.Globalization.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.VisualBasic.Core\Release\net8.0-windows\Microsoft.VisualBasic.Core.pdb source: Microsoft.VisualBasic.Core.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Primitives\Release\net8.0\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: System.Console.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: 6kK89mR2aq.exe
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net8.0-windows/System.ServiceProcess.ServiceController.pdb source: System.ServiceProcess.ServiceController.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdb source: System.Security.Cryptography.OpenSsl.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net8.0-windows/System.Diagnostics.EventLog.pdbSHA256 source: System.Diagnostics.EventLog.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.0.dr
        Source: Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdb source: System.Security.Cryptography.Algorithms.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdbSHA2560 source: System.Text.Encoding.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.CodePages\Release\net8.0-windows\System.Text.Encoding.CodePages.pdb source: System.Text.Encoding.CodePages.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdb source: System.Security.Cryptography.Primitives.dll.0.dr
        Source: Binary string: System.IO.Compression.ni.pdb source: System.IO.Compression.dll.0.dr
        Source: Binary string: System.Security.Cryptography.ni.pdb source: System.Security.Cryptography.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdb source: System.Diagnostics.Contracts.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdb source: System.AppContext.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdbSHA256NX source: System.Security.SecureString.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdbSHA256 source: System.Security.Cryptography.OpenSsl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\Release\net8.0\System.Data.Common.pdb source: System.Data.Common.dll.0.dr
        Source: Binary string: System.Net.Requests.ni.pdb source: System.Net.Requests.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdbSHA256#5 source: System.Security.Cryptography.Encoding.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdbSHA256 source: System.Drawing.Common.dll.0.dr
        Source: Binary string: System.Text.Encoding.CodePages.ni.pdb source: System.Text.Encoding.CodePages.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: 6kK89mR2aq.exe
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net8.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Http\Release\net8.0-windows\System.Net.Http.pdb source: System.Net.Http.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdbSHA256 source: System.Reflection.Emit.ILGeneration.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: System.ComponentModel.Primitives.dll.0.dr
        Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.0.dr
        Source: Binary string: System.IO.FileSystem.Watcher.ni.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdbSHA256 source: Microsoft.Win32.SystemEvents.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256 source: System.Configuration.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdb source: System.Buffers.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdbSHA256% source: System.Threading.Tasks.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdbSHA256 source: System.Runtime.Serialization.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdbSHA256S source: System.Net.Mail.dll.0.dr
        Source: Binary string: System.Data.Common.ni.pdb source: System.Data.Common.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdb source: System.Text.Encoding.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256%B source: Microsoft.Win32.Primitives.dll.0.dr
        Source: Binary string: System.Net.Primitives.ni.pdb source: System.Net.Primitives.dll.0.dr

        Networking

        barindex
        Yara detected Generic Downloader
        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\netstandard.dll, type: DROPPED
        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.dll, type: DROPPED
        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.dll, type: DROPPED
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
        Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
        Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
        Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
        Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
        Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49762 -> 208.95.112.1:80
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49754 -> 172.67.74.152:443
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49774 -> 172.67.74.152:443
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49768 -> 172.67.74.152:443
        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49760 -> 172.67.74.152:443
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
        Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
        Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
        Source: global trafficDNS traffic detected: DNS query: api.ipify.org
        Source: global trafficDNS traffic detected: DNS query: ip-api.com
        Source: 6kK89mR2aq.exeString found in binary or memory: http://.css
        Source: 6kK89mR2aq.exeString found in binary or memory: http://.jpg
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
        Source: chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502eup.
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
        Source: chrome.exe, 00000001.00000002.2029687403.00005254000A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625RT
        Source: msedge.exe, 00000007.00000002.2258013049.00005F8800280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625_
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
        Source: msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
        Source: msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906_
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
        Source: chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651eup.
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
        Source: chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036RT
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
        Source: 6kK89mR2aq.exeString found in binary or memory: http://html4/loose.dtd
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://ocsp.digicert.com0X
        Source: msedge.exe, 00000007.00000002.2256933317.00005F8800058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
        Source: System.Runtime.Serialization.Formatters.dll.0.drString found in binary or memory: https://aka.ms/binaryformatter
        Source: 6kK89mR2aq.exeString found in binary or memory: https://aka.ms/dotnet-core-applaunch?
        Source: System.Security.Cryptography.dll.0.dr, Microsoft.VisualBasic.Core.dll.0.dr, System.Net.WebClient.dll.0.dr, System.Net.Primitives.dll.0.dr, System.Runtime.Serialization.Formatters.dll.0.dr, System.Data.Common.dll.0.dr, System.Linq.Expressions.dll.0.drString found in binary or memory: https://aka.ms/dotnet-warnings/
        Source: 6kK89mR2aq.exeString found in binary or memory: https://aka.ms/dotnet/app-launch-failed
        Source: 6kK89mR2aq.exeString found in binary or memory: https://aka.ms/dotnet/download
        Source: 6kK89mR2aq.exeString found in binary or memory: https://aka.ms/dotnet/download%s%sInstall
        Source: 6kK89mR2aq.exeString found in binary or memory: https://aka.ms/dotnet/info
        Source: 6kK89mR2aq.exeString found in binary or memory: https://aka.ms/dotnet/sdk-not-foundProbing
        Source: System.ServiceProcess.ServiceController.dll.0.dr, System.Reflection.Metadata.dll.0.dr, System.Diagnostics.EventLog.dll.0.dr, System.Data.Common.dll.0.drString found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
        Source: msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369_
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
        Source: chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
        Source: chrome.exe, 00000001.00000003.1795950881.00001688002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1796045597.00001688002EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
        Source: System.Text.RegularExpressions.dll.0.drString found in binary or memory: https://github.com/dotnet/linker/issues/2715.
        Source: System.Xml.XmlSerializer.dll.0.dr, System.Reflection.Emit.Lightweight.dll.0.dr, System.Buffers.dll.0.dr, System.Runtime.Serialization.dll.0.dr, System.Reflection.TypeExtensions.dll.0.dr, System.Dynamic.Runtime.dll.0.dr, System.ComponentModel.Primitives.dll.0.dr, System.Diagnostics.Tracing.dll.0.dr, System.Threading.Tasks.Parallel.dll.0.dr, System.Diagnostics.TextWriterTraceListener.dll.0.dr, System.Text.Encodings.Web.dll.0.dr, System.IO.Compression.ZipFile.dll.0.dr, System.Runtime.Serialization.Primitives.dll.0.dr, System.Runtime.InteropServices.RuntimeInformation.dll.0.dr, System.Runtime.InteropServices.dll.0.dr, System.Security.Cryptography.ProtectedData.dll.0.dr, System.Configuration.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.dr, System.Resources.ResourceManager.dll.0.dr, System.Threading.dll.0.dr, System.ServiceProcess.ServiceController.dll.0.drString found in binary or memory: https://github.com/dotnet/runtime
        Source: System.Resources.ResourceManager.dll.0.drString found in binary or memory: https://github.com/dotnet/runtime=
        Source: System.Security.Cryptography.Encoding.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeA
        Source: System.AppContext.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeGk
        Source: System.ValueTuple.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeMY
        Source: System.IO.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeQ
        Source: System.Security.SecureString.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimed
        Source: System.Transactions.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimen;
        Source: System.Globalization.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimeo
        Source: System.Buffers.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.drString found in binary or memory: https://github.com/dotnet/runtimet
        Source: System.Data.Common.dll.0.drString found in binary or memory: https://github.com/mono/linker/issues/1187
        Source: Microsoft.CSharp.dll.0.drString found in binary or memory: https://github.com/mono/linker/issues/1416.
        Source: Microsoft.VisualBasic.Core.dll.0.drString found in binary or memory: https://github.com/mono/linker/issues/1731
        Source: Microsoft.CSharp.dll.0.drString found in binary or memory: https://github.com/mono/linker/issues/1906.
        Source: System.Data.Common.dll.0.drString found in binary or memory: https://github.com/mono/linker/issues/1981
        Source: Microsoft.VisualBasic.Core.dll.0.drString found in binary or memory: https://github.com/mono/linker/issues/378
        Source: System.Linq.Expressions.dll.0.drString found in binary or memory: https://github.com/mono/linker/pull/2125.
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
        Source: msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://system.data.sqlite.org/
        Source: msedge.exe, 00000007.00000002.2257333645.00005F88000E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_aggfunc.html
        Source: System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_corefunc.html
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
        Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
        Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49754 version: TLS 1.2
        Source: 6kK89mR2aq.exeStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
        Source: System.Text.Encodings.Web.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Collections.Immutable.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Security.Principal.Windows.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.FileVersionInfo.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.DiagnosticSource.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Text.Encoding.CodePages.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.Compression.Brotli.dll.0.drStatic PE information: No import functions for PE file found
        Source: Microsoft.CSharp.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Console.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Collections.Concurrent.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.TraceSource.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.Pipes.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Threading.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.TextWriterTraceListener.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.FileSystem.AccessControl.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Security.AccessControl.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Text.Json.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.MemoryMappedFiles.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Collections.Specialized.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.ComponentModel.EventBasedAsync.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.ComponentModel.TypeConverter.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Xml.XPath.XDocument.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.ComponentModel.Annotations.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Formats.Asn1.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Security.Cryptography.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Drawing.Primitives.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Threading.Tasks.Dataflow.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.ComponentModel.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Formats.Tar.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Security.Claims.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Threading.Channels.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Threading.Tasks.Parallel.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Collections.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Web.HttpUtility.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.FileSystem.Watcher.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.Process.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.ComponentModel.Primitives.dll.0.drStatic PE information: No import functions for PE file found
        Source: Microsoft.Win32.Registry.dll.0.drStatic PE information: No import functions for PE file found
        Source: Microsoft.VisualBasic.Core.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Linq.Expressions.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.IsolatedStorage.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Runtime.Serialization.Formatters.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Collections.NonGeneric.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.Compression.ZipFile.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.Compression.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Transactions.Local.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Runtime.Serialization.Primitives.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Data.Common.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Runtime.Numerics.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.IO.FileSystem.DriveInfo.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Text.RegularExpressions.dll.0.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.StackTrace.dll.0.drStatic PE information: No import functions for PE file found
        Source: 6kK89mR2aq.exe, 00000000.00000000.1720601675.00007FF772DB8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamemscordaccore.dll@ vs 6kK89mR2aq.exe
        Source: 6kK89mR2aq.exe, 00000000.00000000.1720601675.00007FF772DB8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameoke.dll@ vs 6kK89mR2aq.exe
        Source: 6kK89mR2aq.exeBinary or memory string: OriginalFilenamemscordaccore.dll@ vs 6kK89mR2aq.exe
        Source: 6kK89mR2aq.exeBinary or memory string: OriginalFilenameoke.dll@ vs 6kK89mR2aq.exe
        Source: classification engineClassification label: mal72.troj.spyw.winEXE@13/198@2/3
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\Public\Documents\638724339740296301Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeMutant created: NULL
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.netJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: 6kK89mR2aq.exe, 00000000.00000003.2265290263.00000245EAC76000.00000004.00000020.00020000.00000000.sdmp, 6kK89mR2aq.exe, 00000000.00000003.2265347757.00000245EAC78000.00000004.00000020.00020000.00000000.sdmp, 6kK89mR2aq.exe, 00000000.00000003.2259555500.0000020551350000.00000004.00000020.00020000.00000000.sdmp, 6kK89mR2aq.exe, 00000000.00000003.2264540982.00000245EAC76000.00000004.00000020.00020000.00000000.sdmp, 6kK89mR2aq.exe, 00000000.00000003.2264378672.00000245EAC76000.00000004.00000020.00020000.00000000.sdmp, 6kK89mR2aq.exe, 00000000.00000003.2264726998.00000245EAC76000.00000004.00000020.00020000.00000000.sdmp, tmp5vbnla.tmp.0.dr, Default_LoginDataTemp.db.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: 6kK89mR2aq.exeVirustotal: Detection: 38%
        Source: 6kK89mR2aq.exeReversingLabs: Detection: 44%
        Source: 6kK89mR2aq.exeString found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
        Source: 6kK89mR2aq.exeString found in binary or memory: Morph - Structs/AddrExp
        Source: 6kK89mR2aq.exeString found in binary or memory: @0x%x with loopPre-importprejittail.call and not BBINSTRExpand patchpointsPost-importImportationIndirect call transformProfile incorporationMorph - InitProfile instrumentation prepProfile instrumentationAllocate ObjectsRemove empty tryMorph - InliningMorph - Add internal blocksClone finallyUpdate finally target flagsRemove empty finallyMerge callfinally chainsEarly livenessPhysical promotionUpdate flow graph early passMorph - Structs/AddrExpMorph - ByRefsMorph - Promote StructsForward SubstitutionIdentify candidates for implicit byref copy omissionGS CookieCompute edge weights (1, false)Morph - GlobalMorph - FinishMerge throw blocksInvert loopsCreate EH funcletsTail mergeOptimize layoutCompute blocks reachabilityPost-morph tail mergeOptimize control flowFind loopsClone loopsSet block weightsRedundant zero InitsMorph array opsHoist loop codeUnroll loopsClear loop infoFind oper orderSet block orderMark local varsOptimize boolsSSA: Doms1SSA: livenessBuild SSA representationSSA: topological sortSSA: renameEarly Value PropagationSSA: DFSSA: insert phisOptimize Valnum CSEsVN based copy propDo value numberingOptimize index checksAssertion propIf conversionVN based intrinsic expansionRedundant branch optsCompute edge weights (2, false)Stress gtSplitTreeVN-based dead store removalUpdate flow graph opt passExpand TLS accessInsert GC PollsExpand runtime lookupsExpand static initDo 'simple' loweringLocal var livenessDetermine first cold blockRationalize IRGlobal local var livenessLowering decompositionLocal var liveness initPer block local var livenessLinear scan register allocLSRA build intervalsLowering nodeinfoCalculate stack level slotsPlace 'align' instructionsGenerate codeLSRA allocateLSRA resolvePost-EmitEmit codeEmit GC+EH tablesProcessor does not have a high-frequency timer.
        Source: 6kK89mR2aq.exeString found in binary or memory: GC initialization failed with error 0x%08XVirtualAlloc2kernelbase.dllMapViewOfFile3bad array new lengthstring too longUsing internal fxrApplication root path is empty. This shouldn't happenUsing internal hostpolicy--depsfilePath containing probing policy and assemblies to probe for.<path>--additionalprobingpath--fx-versionPath to <application>.runtimeconfig.json file.--runtimeconfigPath to <application>.deps.json file.<value>--roll-forwardVersion of the installed Shared Framework to use to run the application.<version>--roll-forward-on-no-candidate-fxPath to additional deps.json file.--additional-depsRoll forward to framework version (LatestPatch, Minor, LatestMinor, Major, LatestMajor, Disable)Parsed known arg %s = %ssdk<obsolete><n>Application '%s' is not a managed executable.Using the provided arguments to determine the application to execute. %s %-*s %sFailed to parse supported options or their values:--- Executing in split/FX mode...The application to execute does not exist: '%s'dotnet exec needs a managed .dll or .exe extension. The application specified was '%s'Application '%s' does not exist.staticexec--- Executing in muxer mode...--- Executing in a native executable mode...
        Source: 6kK89mR2aq.exeString found in binary or memory: %s --list-runtimes Display the installed runtimeshost-options: The path to an application .dll file to execute.path-to-application: --info Display .NET information. -h|--help Displays this help.Common Options: --list-sdks Display the installed SDKsinvalid hash bucket countunordered_map/set too longinvalid string positionvector too longInvalid startup info: host_path, dotnet_root, and app_path should not be null.A fatal error occurred while processing application bundlehostfxr_main_bundle_startupinfo--- Invoked %s [version: %s]hostfxr_main_startupinfoget-native-search-directories--list-runtimes--list-sdksUsing dotnet root path [%s]/?-?--help-hdotnet.dll The command could not be loaded, possibly because:
        Source: 6kK89mR2aq.exeString found in binary or memory: %s --list-runtimes Display the installed runtimeshost-options: The path to an application .dll file to execute.path-to-application: --info Display .NET information. -h|--help Displays this help.Common Options: --list-sdks Display the installed SDKsinvalid hash bucket countunordered_map/set too longinvalid string positionvector too longInvalid startup info: host_path, dotnet_root, and app_path should not be null.A fatal error occurred while processing application bundlehostfxr_main_bundle_startupinfo--- Invoked %s [version: %s]hostfxr_main_startupinfoget-native-search-directories--list-runtimes--list-sdksUsing dotnet root path [%s]/?-?--help-hdotnet.dll The command could not be loaded, possibly because:
        Source: 6kK89mR2aq.exeString found in binary or memory: https://aka.ms/dotnet/app-launch-failed
        Source: unknownProcess created: C:\Users\user\Desktop\6kK89mR2aq.exe "C:\Users\user\Desktop\6kK89mR2aq.exe"
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1532 --field-trial-handle=1480,i,10141797464930735019,2123259764486349599,262144 --disable-features=PaintHolding /prefetch:8
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9414 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1508 --field-trial-handle=1460,i,2016451024205536265,1915293068079400894,262144 --disable-features=PaintHolding /prefetch:3
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9414 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1532 --field-trial-handle=1480,i,10141797464930735019,2123259764486349599,262144 --disable-features=PaintHolding /prefetch:8Jump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1508 --field-trial-handle=1460,i,2016451024205536265,1915293068079400894,262144 --disable-features=PaintHolding /prefetch:3Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: icu.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: wshunix.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: winrnr.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: nlaapi.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: wshbth.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: devobj.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: pnrpnsp.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: napinsp.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeSection loaded: gpapi.dllJump to behavior
        Source: 6kK89mR2aq.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
        Source: 6kK89mR2aq.exeStatic PE information: Image base 0x140000000 > 0x60000000
        Source: 6kK89mR2aq.exeStatic file information: File size 40355192 > 1048576
        Source: 6kK89mR2aq.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x61a800
        Source: 6kK89mR2aq.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x17c600
        Source: 6kK89mR2aq.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x14b800
        Source: 6kK89mR2aq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: 6kK89mR2aq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: 6kK89mR2aq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: 6kK89mR2aq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: 6kK89mR2aq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: 6kK89mR2aq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: 6kK89mR2aq.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: 6kK89mR2aq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256{2 source: System.Xml.XmlSerializer.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdb source: System.Threading.Thread.dll.0.dr
        Source: Binary string: System.Net.Sockets.ni.pdb source: System.Net.Sockets.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdbSHA256 source: System.Security.Cryptography.Csp.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: System.Security.Cryptography.ProtectedData.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.0.dr
        Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb@@@GCTL source: sni.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Metadata\Release\net8.0\System.Reflection.Metadata.pdb source: System.Reflection.Metadata.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdb source: System.Reflection.Emit.Lightweight.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Csp/Release/net8.0-windows/System.Security.Cryptography.Csp.pdb source: System.Security.Cryptography.Csp.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdbSHA256 source: System.Diagnostics.Contracts.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdbSHA256P?> source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography\Release\net8.0-windows\System.Security.Cryptography.pdb source: System.Security.Cryptography.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Collections.Immutable\Release\net8.0\System.Collections.Immutable.pdb source: System.Collections.Immutable.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdbSHA256 source: System.Runtime.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\Release\net8.0\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdbSHA256 source: System.Xml.XDocument.dll.0.dr
        Source: Binary string: System.Net.Security.ni.pdb source: System.Net.Security.dll.0.dr
        Source: Binary string: System.ObjectModel.ni.pdb source: System.ObjectModel.dll.0.dr
        Source: Binary string: System.IO.MemoryMappedFiles.ni.pdb source: System.IO.MemoryMappedFiles.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Formatters\Release\net8.0\System.Runtime.Serialization.Formatters.pdbSHA256 source: System.Runtime.Serialization.Formatters.dll.0.dr
        Source: Binary string: System.Private.Xml.Linq.ni.pdb source: System.Private.Xml.Linq.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\Release\net8.0\System.Runtime.CompilerServices.VisualC.pdbSHA256= source: System.Runtime.CompilerServices.VisualC.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Principal/Release/net8.0-windows/System.Security.Principal.pdbSHA256 source: System.Security.Principal.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Principal/Release/net8.0-windows/System.Security.Principal.pdb source: System.Security.Principal.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Numerics.Vectors\Release\net8.0\System.Numerics.Vectors.pdbSHA256 source: System.Numerics.Vectors.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdb source: System.CodeDom.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Http\Release\net8.0-windows\System.Net.Http.pdbSHA256 source: System.Net.Http.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdb source: System.Runtime.Loader.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdb source: System.Security.SecureString.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Uri\Release\net8.0\System.Private.Uri.pdb source: System.Private.Uri.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdbSHA256<q source: System.Net.WebProxy.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Primitives\Release\net8.0-windows\System.Net.Primitives.pdb source: System.Net.Primitives.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite.Linq\obj\Release\netstandard2.1\System.Data.SQLite.EF6.pdbSHA256 source: System.Data.SQLite.EF6.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Dynamic.Runtime/Release/net8.0-windows/System.Dynamic.Runtime.pdb source: System.Dynamic.Runtime.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdbSHA256<t source: System.Numerics.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdb source: System.Drawing.Common.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.CompilerServices.Unsafe/Release/net8.0-windows/System.Runtime.CompilerServices.Unsafe.pdb source: System.Runtime.CompilerServices.Unsafe.dll.0.dr
        Source: Binary string: System.Runtime.Serialization.Primitives.ni.pdb source: System.Runtime.Serialization.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdb source: System.Reflection.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading\Release\net8.0\System.Threading.pdb source: System.Threading.dll.0.dr
        Source: Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.0.dr
        Source: Binary string: System.Net.Mail.ni.pdb source: System.Net.Mail.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdbSHA256 source: System.Diagnostics.Tools.dll.0.dr
        Source: Binary string: System.Text.RegularExpressions.ni.pdb source: System.Text.RegularExpressions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdbSHA2563 source: System.IO.FileSystem.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdb source: Microsoft.Win32.SystemEvents.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdbSHA256 source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Parallel\Release\net8.0\System.Linq.Parallel.pdb source: System.Linq.Parallel.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Windows.Extensions/netcoreapp3.0-Windows_NT-Release/System.Windows.Extensions.pdb source: System.Windows.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Primitives\Release\net8.0\System.Runtime.Serialization.Primitives.pdbSHA256 source: System.Runtime.Serialization.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TextWriterTraceListener\Release\net8.0\System.Diagnostics.TextWriterTraceListener.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.SqlClient/netcoreapp2.1-Windows_NT-Release/System.Data.SqlClient.pdbSHA256m source: System.Data.SqlClient.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdb source: System.IO.UnmanagedMemoryStream.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdbSHA256v source: System.Buffers.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.ServicePoint\Release\net8.0\System.Net.ServicePoint.pdbSHA256 source: System.Net.ServicePoint.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Extensions/Release/net8.0-windows/System.Runtime.Extensions.pdbSHA256v source: System.Runtime.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdb source: System.Runtime.Serialization.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.Lightweight\Release\net8.0\System.Reflection.Emit.Lightweight.pdbSHA256 source: System.Reflection.Emit.Lightweight.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.JavaScript/Release/net8.0/System.Runtime.InteropServices.JavaScript.pdbSHA256, source: System.Runtime.InteropServices.JavaScript.dll.0.dr
        Source: Binary string: System.Threading.ni.pdb source: System.Threading.dll.0.dr
        Source: Binary string: System.Threading.Tasks.Parallel.ni.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Net/Release/net8.0-windows/System.Net.pdb source: System.Net.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net8.0-windows/System.ServiceProcess.ServiceController.pdbSHA256] source: System.ServiceProcess.ServiceController.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdb source: System.Net.Requests.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.InteropServices\Release\net8.0\System.Runtime.InteropServices.pdb source: System.Runtime.InteropServices.dll.0.dr
        Source: Binary string: System.Net.ServicePoint.ni.pdb source: System.Net.ServicePoint.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdbSHA256a{ source: System.IO.Compression.FileSystem.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdb source: System.ValueTuple.dll.0.dr
        Source: Binary string: System.Net.NetworkInformation.ni.pdb source: System.Net.NetworkInformation.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdbSHA256 source: System.Xml.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdb source: System.Net.Mail.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Extensions/Release/net8.0-windows/System.Runtime.Extensions.pdb source: System.Runtime.Extensions.dll.0.dr
        Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite.Linq\obj\Release\netstandard2.1\System.Data.SQLite.EF6.pdb source: System.Data.SQLite.EF6.dll.0.dr
        Source: Binary string: System.Net.WebProxy.ni.pdb source: System.Net.WebProxy.dll.0.dr
        Source: Binary string: System.Linq.Parallel.ni.pdb source: System.Linq.Parallel.dll.0.dr
        Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: System.ComponentModel.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO/Release/net8.0-windows/System.IO.pdb source: System.IO.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NetworkInformation\Release\net8.0-windows\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Resources.ResourceManager/Release/net8.0-windows/System.Resources.ResourceManager.pdb source: System.Resources.ResourceManager.dll.0.dr
        Source: Binary string: System.Runtime.Serialization.Formatters.ni.pdb source: System.Runtime.Serialization.Formatters.dll.0.dr
        Source: Binary string: Microsoft.VisualBasic.Core.ni.pdb source: Microsoft.VisualBasic.Core.dll.0.dr
        Source: Binary string: System.IO.Compression.ZipFile.ni.pdb source: System.IO.Compression.ZipFile.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdb source: System.Configuration.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdbSHA256 source: System.Net.Security.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdbSHA256 source: System.IO.Pipes.AccessControl.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdbSHA256 source: System.Data.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Requests\Release\net8.0-windows\System.Net.Requests.pdbSHA256sO source: System.Net.Requests.dll.0.dr
        Source: Binary string: System.Linq.Expressions.ni.pdb source: System.Linq.Expressions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdb source: System.Threading.Overlapped.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdb source: Microsoft.Win32.Primitives.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net8.0-windows/System.Diagnostics.EventLog.pdb source: System.Diagnostics.EventLog.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Security\Release\net8.0-windows\System.Net.Security.pdb source: System.Net.Security.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Windows.Extensions/netcoreapp3.0-Windows_NT-Release/System.Windows.Extensions.pdbSHA256 source: System.Windows.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdbSHA256 source: System.Linq.Expressions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebProxy\Release\net8.0\System.Net.WebProxy.pdb source: System.Net.WebProxy.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdb source: System.IO.MemoryMappedFiles.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Transactions/Release/net8.0-windows/System.Transactions.pdb source: System.Transactions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets.Client\Release\net8.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.0.dr
        Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdbSHA256s source: EntityFramework.SqlServer.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.Brotli\Release\net8.0-windows\System.IO.Compression.Brotli.pdb source: System.IO.Compression.Brotli.dll.0.dr
        Source: Binary string: System.Runtime.InteropServices.ni.pdb source: System.Runtime.InteropServices.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.JavaScript/Release/net8.0/System.Runtime.InteropServices.JavaScript.pdb source: System.Runtime.InteropServices.JavaScript.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdb source: System.Security.Cryptography.Encoding.dll.0.dr
        Source: Binary string: System.Net.WebSockets.ni.pdb source: System.Net.WebSockets.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.Watcher\Release\net8.0-windows\System.IO.FileSystem.Watcher.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdbSHA256 source: System.Private.Xml.Linq.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem/Release/net8.0-windows/System.IO.FileSystem.pdb source: System.IO.FileSystem.dll.0.dr
        Source: Binary string: System.Console.ni.pdb source: System.Console.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Sockets\Release\net8.0-windows\System.Net.Sockets.pdb source: System.Net.Sockets.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Dynamic.Runtime/Release/net8.0-windows/System.Dynamic.Runtime.pdbSHA256 source: System.Dynamic.Runtime.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Intrinsics\Release\net8.0\System.Runtime.Intrinsics.pdb source: System.Runtime.Intrinsics.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.SqlClient/netcoreapp2.1-Windows_NT-Release/System.Data.SqlClient.pdb source: System.Data.SqlClient.dll.0.dr
        Source: Binary string: System.Net.Http.ni.pdb source: System.Net.Http.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdbSHA256 source: System.Reflection.Primitives.dll.0.dr
        Source: Binary string: System.IO.FileSystem.AccessControl.ni.pdb source: System.IO.FileSystem.AccessControl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime\Release\net8.0\System.Runtime.pdb source: System.Runtime.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Private.Xml.Linq\Release\net8.0\System.Private.Xml.Linq.pdb source: System.Private.Xml.Linq.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Net/Release/net8.0-windows/System.Net.pdbSHA256 source: System.Net.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization.Extensions/Release/net8.0-windows/System.Globalization.Extensions.pdbSHA256{= source: System.Globalization.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Resources.ResourceManager/Release/net8.0-windows/System.Resources.ResourceManager.pdbSHA256: source: System.Resources.ResourceManager.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/netcoreapp3.0-Release/System.Security.Permissions.pdb source: System.Security.Permissions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdbSHA256 source: System.IO.UnmanagedMemoryStream.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.ServicePoint\Release\net8.0\System.Net.ServicePoint.pdb source: System.Net.ServicePoint.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.RegularExpressions\Release\net8.0\System.Text.RegularExpressions.pdb source: System.Text.RegularExpressions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Transactions/Release/net8.0-windows/System.Transactions.pdbSHA256 source: System.Transactions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.CompilerServices.Unsafe/Release/net8.0-windows/System.Runtime.CompilerServices.Unsafe.pdbSHA256 source: System.Runtime.CompilerServices.Unsafe.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdbSHA256I source: System.Xml.ReaderWriter.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdbSHA256~\{^ source: System.Diagnostics.Tracing.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Pipes.AccessControl\Release\net8.0-windows\System.IO.Pipes.AccessControl.pdb source: System.IO.Pipes.AccessControl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.InteropServices.RuntimeInformation/Release/net8.0-windows/System.Runtime.InteropServices.RuntimeInformation.pdb source: System.Runtime.InteropServices.RuntimeInformation.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression.ZipFile\Release\net8.0-windows\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.0.dr
        Source: Binary string: Microsoft.Win32.Registry.ni.pdb source: Microsoft.Win32.Registry.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\Release\net8.0\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdb source: mscorlib.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdbSHA2568^ source: System.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Intrinsics\Release\net8.0\System.Runtime.Intrinsics.pdbSHA256 source: System.Runtime.Intrinsics.dll.0.dr
        Source: Binary string: System.Runtime.InteropServices.JavaScript.ni.pdb source: System.Runtime.InteropServices.JavaScript.dll.0.dr
        Source: Binary string: System.Reflection.Metadata.ni.pdb source: System.Reflection.Metadata.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.Compression.FileSystem/Release/net8.0-windows/System.IO.Compression.FileSystem.pdb source: System.IO.Compression.FileSystem.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Overlapped\Release\net8.0\System.Threading.Overlapped.pdbSHA256t source: System.Threading.Overlapped.dll.0.dr
        Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/netstandard2.1/EntityFramework.SqlServer.pdb source: EntityFramework.SqlServer.dll.0.dr
        Source: Binary string: System.IO.Compression.Brotli.ni.pdb source: System.IO.Compression.Brotli.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Extensions/Release/net8.0-windows/System.Reflection.Extensions.pdbSHA256> source: System.Reflection.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.NameResolution\Release\net8.0-windows\System.Net.NameResolution.pdb source: System.Net.NameResolution.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdbSHA256 source: System.Security.Cryptography.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\Release\net8.0\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: System.Xml.XmlDocument.dll.0.dr
        Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Tracing\Release\net8.0\System.Diagnostics.Tracing.pdb source: System.Diagnostics.Tracing.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: System.Security.Cryptography.ProtectedData.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdbSHA256[ source: System.ValueTuple.dll.0.dr
        Source: Binary string: System.Diagnostics.TextWriterTraceListener.ni.pdb source: System.Diagnostics.TextWriterTraceListener.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Tools/Release/net8.0-windows/System.Diagnostics.Tools.pdb source: System.Diagnostics.Tools.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdbSHA256r source: System.Reflection.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdb source: System.Threading.Tasks.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdbSHA256) source: mscorlib.dll.0.dr
        Source: Binary string: System.Net.WebSockets.Client.ni.pdb source: System.Net.WebSockets.Client.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml/Release/net8.0-windows/System.Xml.pdb source: System.Xml.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\Release\net8.0\System.Xml.ReaderWriter.pdb source: System.Xml.ReaderWriter.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdbSHA256 source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdb source: System.Reflection.Emit.ILGeneration.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdbSHA256 source: System.Threading.Tasks.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.CodeDom/Release/net8.0/System.CodeDom.pdbSHA256 source: System.CodeDom.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\Release\net8.0-windows\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.AccessControl\Release\net8.0-windows\System.IO.FileSystem.AccessControl.pdb source: System.IO.FileSystem.AccessControl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets\Release\net8.0-windows\System.Net.WebSockets.pdb source: System.Net.WebSockets.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization.Extensions/Release/net8.0-windows/System.Globalization.Extensions.pdb source: System.Globalization.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Thread\Release\net8.0\System.Threading.Thread.pdbSHA256 source: System.Threading.Thread.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebClient\Release\net8.0\System.Net.WebClient.pdb source: System.Net.WebClient.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data/Release/net8.0-windows/System.Data.pdb source: System.Data.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ObjectModel\Release\net8.0\System.ObjectModel.pdb source: System.ObjectModel.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.TraceSource\Release\net8.0\System.Diagnostics.TraceSource.pdb source: System.Diagnostics.TraceSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdbSHA256 source: System.Globalization.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256X source: System.Data.DataSetExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdb source: netstandard.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System/Release/net8.0-windows/System.pdb source: System.dll.0.dr
        Source: Binary string: System.Collections.Immutable.ni.pdb source: System.Collections.Immutable.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO/Release/net8.0-windows/System.IO.pdbSHA256 source: System.IO.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.MemoryMappedFiles\Release\net8.0-windows\System.IO.MemoryMappedFiles.pdbSHA2562R4c source: System.IO.MemoryMappedFiles.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Formatters\Release\net8.0\System.Runtime.Serialization.Formatters.pdb source: System.Runtime.Serialization.Formatters.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Loader\Release\net8.0\System.Runtime.Loader.pdbSHA256i source: System.Runtime.Loader.dll.0.dr
        Source: Binary string: System.Net.NameResolution.ni.pdb source: System.Net.NameResolution.dll.0.dr
        Source: Binary string: /_/artifacts/obj/netstandard/Release/net8.0-windows/netstandard.pdbSHA256%# source: netstandard.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection/Release/net8.0-windows/System.Reflection.pdb source: System.Reflection.dll.0.dr
        Source: Binary string: System.Diagnostics.DiagnosticSource.ni.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Numerics.Vectors\Release\net8.0\System.Numerics.Vectors.pdb source: System.Numerics.Vectors.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Linq.Expressions\Release\net8.0\System.Linq.Expressions.pdb source: System.Linq.Expressions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Numerics/Release/net8.0-windows/System.Numerics.pdb source: System.Numerics.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdbSHA256 source: System.AppContext.dll.0.dr
        Source: Binary string: E:\A\_work\410\s\bin\obj\Windows_NT.x64.Release\Native\sni\Release\sni.pdb source: sni.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdbSHA256 source: System.Security.Cryptography.Algorithms.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Parallel\Release\net8.0\System.Threading.Tasks.Parallel.pdb source: System.Threading.Tasks.Parallel.dll.0.dr
        Source: Binary string: System.Text.Encodings.Web.ni.pdb source: System.Text.Encodings.Web.dll.0.dr
        Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.0.dr
        Source: Binary string: System.Net.WebClient.ni.pdb source: System.Net.WebClient.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: System.IO.Compression.dll.0.dr
        Source: Binary string: System.Diagnostics.TraceSource.ni.pdb source: System.Diagnostics.TraceSource.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.AccessControl\Release\net8.0-windows\System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.0.dr
        Source: Binary string: System.Private.Uri.ni.pdb source: System.Private.Uri.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem/Release/net8.0-windows/System.IO.FileSystem.pdbSHA256 source: System.IO.FileSystem.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Globalization/Release/net8.0-windows/System.Globalization.pdb source: System.Globalization.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.Primitives/Release/net8.0-windows/System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.VisualBasic.Core\Release\net8.0-windows\Microsoft.VisualBasic.Core.pdb source: Microsoft.VisualBasic.Core.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Primitives\Release\net8.0\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Console\Release\net8.0-windows\System.Console.pdb source: System.Console.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: 6kK89mR2aq.exe
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Registry\Release\net8.0-windows\Microsoft.Win32.Registry.pdb source: Microsoft.Win32.Registry.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/Release/net8.0-windows/System.ServiceProcess.ServiceController.pdb source: System.ServiceProcess.ServiceController.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.DiagnosticSource\Release\net8.0\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdb source: System.Security.Cryptography.OpenSsl.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks/Release/net8.0-windows/System.Threading.Tasks.pdb source: System.Threading.Tasks.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net8.0-windows/System.Diagnostics.EventLog.pdbSHA256 source: System.Diagnostics.EventLog.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.0.dr
        Source: Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Algorithms/Release/net8.0-windows/System.Security.Cryptography.Algorithms.pdb source: System.Security.Cryptography.Algorithms.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdbSHA2560 source: System.Text.Encoding.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.CodePages\Release\net8.0-windows\System.Text.Encoding.CodePages.pdb source: System.Text.Encoding.CodePages.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Primitives/Release/net8.0-windows/System.Security.Cryptography.Primitives.pdb source: System.Security.Cryptography.Primitives.dll.0.dr
        Source: Binary string: System.IO.Compression.ni.pdb source: System.IO.Compression.dll.0.dr
        Source: Binary string: System.Security.Cryptography.ni.pdb source: System.Security.Cryptography.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Contracts\Release\net8.0\System.Diagnostics.Contracts.pdb source: System.Diagnostics.Contracts.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.AppContext/Release/net8.0-windows/System.AppContext.pdb source: System.AppContext.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdbSHA256NX source: System.Security.SecureString.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdbSHA256 source: System.Security.Cryptography.OpenSsl.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\Release\net8.0\System.Data.Common.pdb source: System.Data.Common.dll.0.dr
        Source: Binary string: System.Net.Requests.ni.pdb source: System.Net.Requests.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Encoding/Release/net8.0-windows/System.Security.Cryptography.Encoding.pdbSHA256#5 source: System.Security.Cryptography.Encoding.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Drawing.Common/netcoreapp3.0-Windows_NT-Release/System.Drawing.Common.pdbSHA256 source: System.Drawing.Common.dll.0.dr
        Source: Binary string: System.Text.Encoding.CodePages.ni.pdb source: System.Text.Encoding.CodePages.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb source: 6kK89mR2aq.exe
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net8.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Http\Release\net8.0-windows\System.Net.Http.pdb source: System.Net.Http.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit.ILGeneration\Release\net8.0\System.Reflection.Emit.ILGeneration.pdbSHA256 source: System.Reflection.Emit.ILGeneration.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: System.ComponentModel.Primitives.dll.0.dr
        Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.0.dr
        Source: Binary string: System.IO.FileSystem.Watcher.ni.pdb source: System.IO.FileSystem.Watcher.dll.0.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/netcoreapp3.0-Windows_NT-Release/Microsoft.Win32.SystemEvents.pdbSHA256 source: Microsoft.Win32.SystemEvents.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration/Release/net8.0-windows/System.Configuration.pdbSHA256 source: System.Configuration.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Buffers/Release/net8.0-windows/System.Buffers.pdb source: System.Buffers.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Threading.Tasks.Extensions/Release/net8.0-windows/System.Threading.Tasks.Extensions.pdbSHA256% source: System.Threading.Tasks.Extensions.dll.0.dr
        Source: Binary string: /_/artifacts/obj/System.Runtime.Serialization/Release/net8.0-windows/System.Runtime.Serialization.pdbSHA256 source: System.Runtime.Serialization.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Mail\Release\net8.0-windows\System.Net.Mail.pdbSHA256S source: System.Net.Mail.dll.0.dr
        Source: Binary string: System.Data.Common.ni.pdb source: System.Data.Common.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encoding.Extensions\Release\net8.0\System.Text.Encoding.Extensions.pdb source: System.Text.Encoding.Extensions.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256%B source: Microsoft.Win32.Primitives.dll.0.dr
        Source: Binary string: System.Net.Primitives.ni.pdb source: System.Net.Primitives.dll.0.dr
        Source: 6kK89mR2aq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: 6kK89mR2aq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: 6kK89mR2aq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: 6kK89mR2aq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: 6kK89mR2aq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: System.Runtime.Intrinsics.dll.0.drStatic PE information: 0xE6058D7B [Tue Apr 15 18:46:19 2092 UTC]
        Source: 6kK89mR2aq.exeStatic PE information: section name: .CLR_UEF
        Source: 6kK89mR2aq.exeStatic PE information: section name: .didat
        Source: 6kK89mR2aq.exeStatic PE information: section name: Section
        Source: 6kK89mR2aq.exeStatic PE information: section name: _RDATA
        Source: Microsoft.VisualBasic.Core.dll.0.drStatic PE information: section name: .text entropy: 6.80183570521227
        Source: System.Collections.Concurrent.dll.0.drStatic PE information: section name: .text entropy: 6.831761822928079
        Source: System.Text.Encoding.CodePages.dll.0.drStatic PE information: section name: .text entropy: 7.522718183898096
        Source: System.Text.RegularExpressions.dll.0.drStatic PE information: section name: .text entropy: 6.876591681699572
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Core.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Numerics.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.Lightweight.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Formatters.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Overlapped.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.DispatchProxy.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Http.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.EventLog.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Dataflow.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.EventLog.Messages.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Queryable.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.HttpListener.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.Reader.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Csp.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Principal.Windows.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Process.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebClient.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.EventBasedAsync.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.FileSystem.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.Serialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Http.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Debug.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Pipes.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.ILGeneration.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.Calendars.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.FileVersionInfo.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.IsolatedStorage.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebHeaderCollection.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ValueTuple.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.ProtectedData.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\SQLite.Interop.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.CoreLib.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Claims.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\sni.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.ResourceManager.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebProxy.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.Brotli.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\oke.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.NameResolution.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.OpenSsl.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Transactions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Thread.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.SystemEvents.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\netstandard.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.VisualBasic.Core.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Windows.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.TraceSource.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SQLite.EF6.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceProcess.ServiceController.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Loader.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.ServicePoint.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebSockets.Client.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Handles.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Pipes.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.DataSetExtensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.AppContext.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Dynamic.Runtime.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.CodePages.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Concurrent.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Parallel.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.DriveInfo.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.Annotations.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SQLite.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.ThreadPool.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.DataContractSerialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.TypeConverter.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Immutable.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SqlClient.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.Registry.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Encoding.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.Watcher.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ObjectModel.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Web.HttpUtility.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.UnmanagedMemoryStream.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Principal.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Security.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceProcess.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Uri.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Tracing.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.StackTrace.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.DataAnnotations.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Expressions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.CodeDom.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Quic.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Intrinsics.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Ping.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Requests.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.ReaderWriter.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Windows.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\WindowsBase.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XPath.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Mail.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.NetworkInformation.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Management.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Contracts.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.Writer.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Algorithms.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Cng.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Formats.Asn1.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.TypeExtensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.MemoryMappedFiles.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Formats.Tar.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.Common.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.SqlServer.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Channels.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebSockets.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Memory.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Timer.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Metadata.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.X509Certificates.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.ZipFile.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Buffers.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Specialized.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Parallel.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\mscorlib.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Configuration.ConfigurationManager.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.Common.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.NonGeneric.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XmlSerializer.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Console.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Sockets.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XmlDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Xml.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.SecureString.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.CSharp.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.RegularExpressions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Transactions.Local.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Permissions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceModel.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.VisualBasic.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Configuration.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Tools.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XPath.XDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Numerics.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile created: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeMemory allocated: 2054F660000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeWindow / User API: threadDelayed 527Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeWindow / User API: threadDelayed 986Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeWindow / User API: threadDelayed 3447Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Numerics.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Core.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.Lightweight.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Formatters.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Overlapped.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.DispatchProxy.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.EventLog.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Http.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.EventLog.Messages.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Dataflow.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Queryable.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.HttpListener.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.Reader.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Csp.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Principal.Windows.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Process.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebClient.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.EventBasedAsync.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.FileSystem.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.Serialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Http.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Debug.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.ILGeneration.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Pipes.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.Calendars.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebHeaderCollection.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.IsolatedStorage.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.FileVersionInfo.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ValueTuple.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\SQLite.Interop.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.ProtectedData.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.CoreLib.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Claims.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\sni.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.ResourceManager.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebProxy.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.Brotli.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\oke.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.NameResolution.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.OpenSsl.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Transactions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Thread.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.SystemEvents.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\netstandard.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.VisualBasic.Core.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Windows.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.TraceSource.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceProcess.ServiceController.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SQLite.EF6.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Loader.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.ServicePoint.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebSockets.Client.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Handles.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Pipes.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.AppContext.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Dynamic.Runtime.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.DataSetExtensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.CodePages.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Parallel.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Concurrent.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.DriveInfo.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.Annotations.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SQLite.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.DataContractSerialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.ThreadPool.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.TypeConverter.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Immutable.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SqlClient.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.Registry.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Encoding.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.Watcher.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ObjectModel.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Web.HttpUtility.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.UnmanagedMemoryStream.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Principal.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Security.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceProcess.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Uri.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Tracing.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.StackTrace.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.DataAnnotations.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Expressions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.CodeDom.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Quic.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Requests.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Intrinsics.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Ping.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.ReaderWriter.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Windows.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\WindowsBase.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XPath.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Xml.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.NetworkInformation.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Mail.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Management.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Contracts.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.Writer.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.AccessControl.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Algorithms.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Formats.Asn1.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Cng.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Json.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.TypeExtensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.MemoryMappedFiles.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.Common.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Formats.Tar.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.SqlServer.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebSockets.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Channels.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Memory.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Timer.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Metadata.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.ZipFile.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.X509Certificates.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Buffers.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Specialized.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Parallel.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Configuration.ConfigurationManager.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\mscorlib.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.Common.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.NonGeneric.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XmlSerializer.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.Extensions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Console.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Sockets.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XmlDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Xml.Linq.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.SecureString.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.CSharp.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Transactions.Local.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.RegularExpressions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Permissions.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceModel.Web.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.VisualBasic.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XPath.XDocument.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Configuration.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Tools.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Numerics.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.Primitives.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.dllJump to dropped file
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7704Thread sleep count: 175 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7704Thread sleep count: 43 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7712Thread sleep count: 169 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7684Thread sleep count: 49 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7716Thread sleep count: 148 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7700Thread sleep count: 527 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7716Thread sleep count: 108 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7700Thread sleep count: 986 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7700Thread sleep count: 3447 > 30Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exe TID: 7680Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: 6kK89mR2aq.exe, 00000000.00000003.2063114868.000002055303D000.00000004.00000020.00020000.00000000.sdmp, 6kK89mR2aq.exe, 00000000.00000003.2259857092.000002055302F000.00000004.00000020.00020000.00000000.sdmp, 6kK89mR2aq.exe, 00000000.00000003.1883590100.000002055303D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
        Source: chrome.exe, 00000001.00000002.2028000984.0000026A4A5CE000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2254610618.000001C71402B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeMemory allocated: page read and write | page guardJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9414 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000Jump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information

        barindex
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDirectory queried: C:\Users\Public\Documents\638724339740296301\FilesJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDirectory queried: C:\Users\Public\Documents\638724339740296301\Files\DJump to behavior
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeDirectory queried: C:\Users\Public\Documents\638724339740296301\Files\DJump to behavior

        Remote Access Functionality

        barindex
        Attempt to bypass Chrome Application-Bound Encryption
        Source: C:\Users\user\Desktop\6kK89mR2aq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
        Command and Scripting Interpreter        		1
        DLL Side-Loading        		11
        Process Injection        		1
        Masquerading        		1
        OS Credential Dumping        		1
        Security Software Discovery        		Remote Services11
        Data from Local System        		1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
        DLL Side-Loading        		1
        Disable or Modify Tools        		LSASS Memory1
        Process Discovery        		Remote Desktop ProtocolData from Removable Media1
        Remote Access Software        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
        Virtualization/Sandbox Evasion        		Security Account Manager31
        Virtualization/Sandbox Evasion        		SMB/Windows Admin SharesData from Network Shared Drive1
        Ingress Tool Transfer        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
        Process Injection        		NTDS1
        Application Window Discovery        		Distributed Component Object ModelInput Capture2
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Obfuscated Files or Information        		LSA Secrets1
        File and Directory Discovery        		SSHKeylogging3
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        Software Packing        		Cached Domain Credentials2
        System Information Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
        Timestomp        		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        DLL Side-Loading        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        6kK89mR2aq.exe38%VirustotalBrowse
        6kK89mR2aq.exe45%ReversingLabsWin64.Trojan.Giant

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.SqlServer.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.CSharp.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.VisualBasic.Core.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.VisualBasic.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.Primitives.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.Registry.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.SystemEvents.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Newtonsoft.Json.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\SQLite.Interop.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.AppContext.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Buffers.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.CodeDom.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Concurrent.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Immutable.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.NonGeneric.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Specialized.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.Annotations.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.DataAnnotations.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.EventBasedAsync.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.Primitives.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.TypeConverter.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Configuration.ConfigurationManager.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Configuration.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Console.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Core.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.Common.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.DataSetExtensions.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SQLite.EF6.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SQLite.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SqlClient.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Contracts.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Debug.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.DiagnosticSource.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.EventLog.Messages.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.EventLog.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.FileVersionInfo.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Process.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.StackTrace.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.TextWriterTraceListener.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Tools.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.TraceSource.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Tracing.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.Common.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.Primitives.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Dynamic.Runtime.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Formats.Asn1.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Formats.Tar.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.Calendars.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.Extensions.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.Brotli.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.FileSystem.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.ZipFile.dll0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://anglebug.com/3625_0%Avira URL Cloudsafe
        http://anglebug.com/7036RT0%Avira URL Cloudsafe
        http://anglebug.com/6651eup.0%Avira URL Cloudsafe
        http://anglebug.com/3502eup.0%Avira URL Cloudsafe
        http://anglebug.com/5906_0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        api.ipify.org
        		172.67.74.152
        		truefalse
          		high
          ip-api.com
          		208.95.112.1
          		truefalse
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://anglebug.com/7036RTchrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://github.com/mono/linker/issues/1731Microsoft.VisualBasic.Core.dll.0.drfalse
              		high
              http://anglebug.com/6651chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://anglebug.com/6574chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://anglebug.com/4830chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://anglebug.com/6651eup.chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://aka.ms/dotnet/info6kK89mR2aq.exefalse
                      		high
                      http://anglebug.com/2970chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://anglebug.com/4633chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://anglebug.com/7382chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://issuetracker.google.com/284462263msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.chambersign.org1msedge.exe, 00000007.00000002.2256933317.00005F8800058000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://aka.ms/dotnet/app-launch-failed6kK89mR2aq.exefalse
                                  		high
                                  http://anglebug.com/3625_msedge.exe, 00000007.00000002.2258013049.00005F8800280000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://anglebug.com/8162chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://anglebug.com/8280chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://issuetracker.google.com/220069903msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://anglebug.com/7308chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://anglebug.com/2162chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://anglebug.com/7714chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://anglebug.com/5430chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://anglebug.com/4901chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://anglebug.com/3498chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://anglebug.com/6248chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://anglebug.com/6929chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://www.sqlite.org/lang_corefunc.htmlSystem.Data.SQLite.EF6.dll.0.drfalse
                                                          		high
                                                          http://anglebug.com/5281chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://anglebug.com/4966chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://anglebug.com/7319chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://issuetracker.google.com/255411748msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://anglebug.com/5421msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://anglebug.com/7047chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://anglebug.com/7246chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://anglebug.com/7369chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://anglebug.com/7489chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://issuetracker.google.com/274859104msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://aka.ms/dotnet/download%s%sInstall6kK89mR2aq.exefalse
                                                                                		high
                                                                                http://anglebug.com/6878chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://anglebug.com/6755chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://anglebug.com/6876chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://anglebug.com/7724chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://github.com/dotnet/runtimen;System.Transactions.dll.0.drfalse
                                                                                          		high
                                                                                          https://issuetracker.google.com/161903006msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://anglebug.com/7172chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://github.com/dotnet/runtimetSystem.Buffers.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.drfalse
                                                                                                		high
                                                                                                https://github.com/dotnet/runtimeoSystem.Globalization.dll.0.drfalse
                                                                                                  		high
                                                                                                  https://anglebug.com/7899chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://anglebug.com/7279chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://anglebug.com/3078chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://anglebug.com/7036chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://anglebug.com/7553chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://anglebug.com/5375chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://anglebug.com/6860chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://www.catcert.net/verarrelmsedge.exe, 00000007.00000002.2257333645.00005F88000E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://anglebug.com/5371chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://aka.ms/dotnet/sdk-not-foundProbing6kK89mR2aq.exefalse
                                                                                                                      		high
                                                                                                                      http://anglebug.com/4722chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://anglebug.com/5658chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://anglebug.com/5535chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://anglebug.com/4324chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://anglebug.com/5906_msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              		unknown
                                                                                                                              http://anglebug.com/7556chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://github.com/dotnet/runtimeMYSystem.ValueTuple.dll.0.drfalse
                                                                                                                                  		high
                                                                                                                                  https://issuetracker.google.com/187425444msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://aka.ms/dotnet/download6kK89mR2aq.exefalse
                                                                                                                                      		high
                                                                                                                                      http://html4/loose.dtd6kK89mR2aq.exefalse
                                                                                                                                        		high
                                                                                                                                        http://anglebug.com/3584chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://github.com/dotnet/runtime=System.Resources.ResourceManager.dll.0.drfalse
                                                                                                                                            		high
                                                                                                                                            http://anglebug.com/3502eup.chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            http://anglebug.com/4551chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://anglebug.com/5881chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://anglebug.com/6692chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://github.com/mono/linker/pull/2125.System.Linq.Expressions.dll.0.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://issuetracker.google.com/258207403msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://issuetracker.google.com/253522366msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://anglebug.com/3502chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://anglebug.com/3623msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://anglebug.com/3625msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://anglebug.com/3624msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://anglebug.com/3586chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://anglebug.com/5007chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://github.com/dotnet/runtimeASystem.Security.Cryptography.Encoding.dll.0.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://anglebug.com/3862chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://issuetracker.google.com/184850002msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://anglebug.com/4836chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://issuetracker.google.com/issues/166475273msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://.css6kK89mR2aq.exefalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://aka.ms/dotnet-core-applaunch?6kK89mR2aq.exefalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://anglebug.com/5845chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://github.com/dotnet/runtimeSystem.Xml.XmlSerializer.dll.0.dr, System.Reflection.Emit.Lightweight.dll.0.dr, System.Buffers.dll.0.dr, System.Runtime.Serialization.dll.0.dr, System.Reflection.TypeExtensions.dll.0.dr, System.Dynamic.Runtime.dll.0.dr, System.ComponentModel.Primitives.dll.0.dr, System.Diagnostics.Tracing.dll.0.dr, System.Threading.Tasks.Parallel.dll.0.dr, System.Diagnostics.TextWriterTraceListener.dll.0.dr, System.Text.Encodings.Web.dll.0.dr, System.IO.Compression.ZipFile.dll.0.dr, System.Runtime.Serialization.Primitives.dll.0.dr, System.Runtime.InteropServices.RuntimeInformation.dll.0.dr, System.Runtime.InteropServices.dll.0.dr, System.Security.Cryptography.ProtectedData.dll.0.dr, System.Configuration.dll.0.dr, System.Security.Cryptography.Algorithms.dll.0.dr, System.Resources.ResourceManager.dll.0.dr, System.Threading.dll.0.dr, System.ServiceProcess.ServiceController.dll.0.drfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://anglebug.com/5750chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://anglebug.com/4384chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://anglebug.com/6048chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://anglebug.com/3452chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://anglebug.com/6041chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://aka.ms/dotnet-warnings/System.Security.Cryptography.dll.0.dr, Microsoft.VisualBasic.Core.dll.0.dr, System.Net.WebClient.dll.0.dr, System.Net.Primitives.dll.0.dr, System.Runtime.Serialization.Formatters.dll.0.dr, System.Data.Common.dll.0.dr, System.Linq.Expressions.dll.0.drfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://github.com/dotnet/runtimedSystem.Security.SecureString.dll.0.drfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://anglebug.com/4428chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://anglebug.com/3970chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://anglebug.com/8229chrome.exe, 00000001.00000003.1816842614.00005254001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2030131841.0000525400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.2029498897.000052540000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2258179174.00005F88002D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000002.2257963951.00005F8800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000007.00000003.2035177248.00005F88002C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high

                                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                                          Public IPs

                                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                          208.95.112.1
                                                                                                                                                                                                          		ip-api.comUnited States
                                                                                                                                                                                                          		53334TUT-ASUSfalse
                                                                                                                                                                                                          172.67.74.152
                                                                                                                                                                                                          		api.ipify.orgUnited States
                                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                                          Private

                                                                                                                                                                                                          IP
                                                                                                                                                                                                          127.0.0.1

                                                                                                                                                                                                          General Information

                                                                                                                                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                          Analysis ID:1590649
                                                                                                                                                                                                          Start date and time:2025-01-14 12:45:11 +01:00
                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                          Overall analysis duration:0h 7m 50s
                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                          Number of analysed new started processes analysed:10
                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                          Sample name:6kK89mR2aq.exe
                                                                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                                                                          Original Sample Name:a5e9ab2933afc9101a7820d86782f4c53e7acf184b826fd6f2a00d2b783a8bdd.exe
                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                          Classification:mal72.troj.spyw.winEXE@13/198@2/3
                                                                                                                                                                                                          EGA Information:Failed
                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                                          • Number of executed functions: 0
                                                                                                                                                                                                          • Number of non-executed functions: 0
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe

                                                                                                                                                                                                          Warnings

                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.175.87.197, 13.107.246.45
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                                          Simulations

                                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                                          No simulations

                                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                                          IPs

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          208.95.112.1#U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                          rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                          findme.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                          tasAgNgjbJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • ip-api.com/json/?fields=61439
                                                                                                                                                                                                          Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                          • ip-api.com/json
                                                                                                                                                                                                          resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                          • ip-api.com/json/?fields=225545
                                                                                                                                                                                                          F0DgoRk0p1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                          fpY3HP2cnH.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                          4287eV6mBc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                          aik1mr9TOq.exeGet hashmaliciousPredatorBrowse
                                                                                                                                                                                                          • ip-api.com/json/
                                                                                                                                                                                                          172.67.74.152jgbC220X2U.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • api.ipify.org/?format=text
                                                                                                                                                                                                          malware.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                          Simple1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                          Simple2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                          systemConfigChecker.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                          systemConfigChecker.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                          2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                          Zc9eO57fgF.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                          67065b4c84713_Javiles.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                          Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • api.ipify.org/

                                                                                                                                                                                                          Domains

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          ip-api.com#U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          findme.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          tasAgNgjbJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          F0DgoRk0p1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          fpY3HP2cnH.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          4287eV6mBc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          aik1mr9TOq.exeGet hashmaliciousPredatorBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          api.ipify.org#U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                          009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 104.26.12.205
                                                                                                                                                                                                          http://bebizicon.com/Campususa/index.xml#?email=b2xpdmllci5kb3phdEBpbm5vY2FwLmNvbQ==Get hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          https://runescape.games/usernames.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                          rRef6010273.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          invnoIL438805.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          Shipping Docs Waybill No 2009 xxxx 351.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                          rCHARTERREQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 104.26.12.205
                                                                                                                                                                                                          http://clumsy-sulky-helium.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.26.12.205
                                                                                                                                                                                                          gem1.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                          • 104.26.13.205

                                                                                                                                                                                                          ASNs

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          TUT-ASUS#U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          findme.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          tasAgNgjbJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          F0DgoRk0p1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          fpY3HP2cnH.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          4287eV6mBc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          aik1mr9TOq.exeGet hashmaliciousPredatorBrowse
                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                          CLOUDFLARENETUS#U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                          http://www.pentamx.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                          • 1.1.1.1
                                                                                                                                                                                                          PO 2025918 pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                          • 104.21.64.1
                                                                                                                                                                                                          RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                          • 104.21.80.1
                                                                                                                                                                                                          https://web.oncentrl.com/#/index/action?entityType=PUBLISHEDQUESTIONNAIRE&entityId=134955&actionType=PUBLISH&context=CLIENT_MGMT&recieverUserInfoId=68822Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                                          random.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                          • 104.21.96.1
                                                                                                                                                                                                          https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNHGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.17.205.31
                                                                                                                                                                                                          https://clients.dedicatedservicesusa.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 1.1.1.1
                                                                                                                                                                                                          Scanned-IMGS_from NomanGroup IDT.scr.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                          • 104.21.3.193

                                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          3b5074b1b5d032e5620f69f9f700ff0e#U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          pdf_2025 QUOTATION - #202401146778.pdf (83kb).com.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          https://cys-bombasml.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          UoEDaAjHGW.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          RFQ.exeGet hashmaliciousQuasar, PureLog StealerBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          https://performancemanager10.successfactors.com/sf/hrisworkflowapprovelink?workflowRequestId=V4-0-a1-iHQRWD3bQis7XhhWNKzjfWwnvURbEsN0CxUc27Zt3ml0ag&company=oceanagoldT2&username=dave.oliver@oceanagold.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                          https://imtcoken.im/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 172.67.74.152

                                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.CSharp.dllPDF-523.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                            pkt1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              dr0p.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                http://23.27.51.244/dr0p.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.dllConsole.dll.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.SqlServer.dllConsole.dll.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                      C:\Users\Public\Documents\638724339740296301\Browser\Firefox\fqs92o4p.default-release\Cookies.json

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                                                                                      Preview:[]

                                                                                                                                                                                                                      C:\Users\Public\Documents\638724339740296301\Default_LoginDataTemp.db

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\Public\Documents\638724339740296301\Files\D\hwcompat.txt

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):751624
                                                                                                                                                                                                                      Entropy (8bit):4.941596949315087
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:5CgixLwQcUHW0tKouM4kD+nRzkSv9N+VYuhras4V:AgixLIUHW0tK7MmkSv9w/tas4
                                                                                                                                                                                                                      MD5:FBF37B8B1EE4640B1C470F2F07A80E4A
                                                                                                                                                                                                                      SHA1:B239C5499FA63D397C3DD35A7F605CE86D91B44B
                                                                                                                                                                                                                      SHA-256:E21DB717F31F9465420E6354BAA5AFAEAA3521DEB885ED46BC90530AEE9FFD20
                                                                                                                                                                                                                      SHA-512:F9439E2D7B63825FE812EE380F1EF8B277D50EED706B6ABE4B8563423891FF425A00083E88626084EE493376F1DA742ECD73B6B5F892E001C4F9048C7D3AC36C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Preview:HwCompat V4....1394.inf:..PCI\CC_0C0010..PCI\VEN_10CF&CC_0C0010..PCI\VEN_11C1&CC_0C0010..PCI\VEN_100B&DEV_000F..PCI\VEN_100B&CC_0C0010..PCI\VEN_1033&DEV_0063..PCI\VEN_1033&CC_0C0010..PCI\VEN_1180&CC_0C0010..PCI\VEN_104D&DEV_8039..PCI\VEN_104D&DEV_8039&REV_03..PCI\VEN_104C&DEV_8009..PCI\VEN_104C&DEV_8019..PCI\VEN_104C&CC_0C0010..PCI\VEN_104C&DEV_8009&SUBSYS_8032104D..PCI\VEN_1106&DEV_3044..PCI\VEN_1106&CC_0C0010....3ware.inf:..PCI\VEN_13C1&DEV_1010&SUBSYS_000113C1....55fpgafirmware.inf:..UEFI\RES_{C907D5F6-BBE9-47EE-B76B-5E28C7F9FC63}....55niosfirmware.inf:..UEFI\RES_{06B75ADA-B0E1-46BA-BB3B-4D6E4A0F2CB1}....55smcappfirmware.inf:..UEFI\RES_{364D032C-0041-48A6-A26F-62388D97FC6C}....55smcbootfirmware.inf:..UEFI\RES_{DA50CBA0-8F33-4B66-8A3A-08F84015C33F}....55stguestfirmware.inf:..UEFI\RES_{4E11B2F5-AF26-49D5-A549-72AE52345E22}....55stoutfirmware.inf:..UEFI\RES_{7E2BEABF-4BE5-4C10-AF9C-4C1A69E06033}....55stpcfirmware.inf:..UEFI\RES_{296EFE23-EB18-42EE-8B12-51489B27232A}....55sttouchbackgue

                                                                                                                                                                                                                      C:\Users\Public\Documents\Backup_[United States]_8.46.123.189_[1401].zip

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):105245
                                                                                                                                                                                                                      Entropy (8bit):7.988507155271616
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:qZBYo7zUAvQlAXKqhaz+Z+Qx/qhCbWweL2ZS/MPXbr:qzYo7QlA61z+Z+Q4hCyuQ/Mv
                                                                                                                                                                                                                      MD5:66E57C31EECA7E22FDE5AAE53C43A54E
                                                                                                                                                                                                                      SHA1:EAE45CC40F2F8999419917FD4587B7EEC0D36E25
                                                                                                                                                                                                                      SHA-256:E070D529B20BAB82F0E782B8C7F4FCF89B5AD77A4120EAEC3C9A6F910EDC4068
                                                                                                                                                                                                                      SHA-512:033611008BEE16733823E21A6692FB61F8705029FFAA0CA3A114B2C67F54C4CA7FCB9C153BE1EF5A175ED984AE7A63A094724AAEE836B7E19E02843C63970F63
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:PK........d.(U.8n~.....x......Files/D/hwcompat.txt..ks.7.&......_.g...*...~z.*.....n..":(..x,^B.l.N..?.uMt'PY.......-.$.............?....~.............Eq......Uuq.>..~.t.......y^}Df.A.......x<.]6l./H-.-&c$....KY..L............0q.s/j`.....p.....w.M.T....}..i@........O...} ./.z.a[...*R/..:Z.y..t\U.<..EX........-.....+./..0+.E.U.BG9|.A..eT..U.........g+. .%.Q..<...,Zd*......Lc.Q1r....jeUf.W.H. X.<..I.d./....a..u......;+].~..p..*Z..P..XeU......VO...J.U...*\....eZ.W.....|...o.|T.Uu..E...B+h.$..".u..*V...>......o~....... L."/.e.x........yU.^.=/.......8.2^.a..4.."..h.4N.$..:....8......dQ...[.U....E..Tu..u.0..$...8.}.<U..(.A'2..A.N G...%...Z)(..k(d\..T.....(.<..6o.vv."(..D|.A/Z. .A.3.D5..t.%m.'z...~.F...I.6..,. .>.Fu...=l...D.Be.....^.**!S.Z$:.uPVa.....DI..a.f.(.A....~\,T..~Q.U.F.+W'.1...;.V.*R(^T,. .....z....F.{Q.e~R..4...8..i...(.UU&..j...S..."/.q.)...t.m.,.......s.#.~..ARBu.PG.N..+..u.eyV.A.d.<.....+..D...+S.....X..Q..0..m..AP.*..E.. .:R.4.q.........

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):280
                                                                                                                                                                                                                      Entropy (8bit):0.7403664744478247
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:FiWXlv9U:Lv
                                                                                                                                                                                                                      MD5:99BBE027A67D5B8E84C910F7C77709D2
                                                                                                                                                                                                                      SHA1:372EFA7431F8EECFC4247C810131CB6928E50AC3
                                                                                                                                                                                                                      SHA-256:0F27051CF1DA3BBA983425A45ED2DE291E43491E0A982844D92C5B92AF34FCAE
                                                                                                                                                                                                                      SHA-512:E3970DEFF941FE95016F731651C7C234FF4AD27B54317BE44B4292F050E2A4B9ACACFF103837ADFC94999F9B534098231204C26D9BBDF47412CFE09C50F77BE7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:sdPC......................5.y&.K.?....................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\DevToolsActivePort

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):59
                                                                                                                                                                                                                      Entropy (8bit):4.416044320328267
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:gIS2ISuyQHt35ce8BUG4B4H:g5X5Nt3qBUDK
                                                                                                                                                                                                                      MD5:A9D80133BAA29044F32CA9ED52D207CE
                                                                                                                                                                                                                      SHA1:904A8B0E0CF1C1E0CCB363B65E2472333D14BA3F
                                                                                                                                                                                                                      SHA-256:E2EAA677CBE6E860E21AB2110653F62212F08B4DF870BD27BDFAC08BFA34DF10
                                                                                                                                                                                                                      SHA-512:E1E1E130D31FEE1F37EC0F9BB7DB7055DE018747EC705333D64CDB72872313AD77E330A5BA225F87FE06CE3BA438EFFBD3F3295CD877C888706684CB57AD0866
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:9414./devtools/browser/db43e6a4-f20a-466d-9977-b9f81ca4de8b

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.SqlServer.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):591440
                                                                                                                                                                                                                      Entropy (8bit):6.06924298598343
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:CTiRnMqz14Oc9CxCTROMKahag9QQB6FHK13z6kuyPQG2puGeqVmjaVmnS4bfu65V:RnMqz14OcksHuAu65V
                                                                                                                                                                                                                      MD5:949A71C816089308551D32BC4BFFEA26
                                                                                                                                                                                                                      SHA1:D53C2BA8ED7571BF5F60759D67CC7CAE1ECBCA00
                                                                                                                                                                                                                      SHA-256:BE2BCDC9C0FF4A2865C8E5296F6A3C87C22411FF268E5EFF30FDCF5F8B2561E2
                                                                                                                                                                                                                      SHA-512:9FAD72A10898AE253CC8EC5F708B0856B649528B9CDD0F6851930264BA7246E41C0E13DDC72A1A4550823E3030E15C9D320412DF80B3A968D1056DB0065AD6C3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                      • Filename: Console.dll.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$............" ..0.................. ........... .......................@............`.................................{...O.......t...............P$... ..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...t...........................@..@.reloc....... ......................@..B........................H...........`...........8....]............................................{0...*..{1...*V.(2.....}0.....}1...*...0..;........u......,/(3....{0....{0...o4...,.(5....{1....{1...o6...*.*. #'p )UU.Z(3....{0...o7...X )UU.Z(5....{1...o8...X*.0..X........r...p......%..{0............-.&.+.......o9....%..{1............-.&.+.......o9....(:...*:.(2.....}....*..*J.......s;...(...+*J.......s<...(...+*........s=...(...+%-.&.......s=...(...+*J.......s>...(...+*J.......s=...(...+*.(....s?..

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\EntityFramework.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4977744
                                                                                                                                                                                                                      Entropy (8bit):6.096478054710026
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:+VEvjTmOH5S1w66gqvcWLxPkKOeI2y3BzwNZEnq:WEvjPGw8qPLxPnI6P
                                                                                                                                                                                                                      MD5:6999777A429B6A0EFD83AC3115F531CD
                                                                                                                                                                                                                      SHA1:158644373AA9A2C33032C5C07E430A120D7D3754
                                                                                                                                                                                                                      SHA-256:EADBAC604EFE1EA0272D1285F48E358541978AA1D198EF0420B0E522C793B8B4
                                                                                                                                                                                                                      SHA-512:EE21E3203C063950867B8710407130CA40D9FE5F1C07A2D0754D0673EAC0486B80A4286B3D385E35F78FDAEF089DDAF3391085E3DC4117410D654957D2020591
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                      • Filename: Console.dll.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0...K..........KK.. ....L...... .......................@L.....n.L...`..................................JK.O.....L.$.............K.P$... L......IK.T............................................ ............... ..H............text.....K.. ....K................. ..`.rsrc...$.....L.......K.............@..@.reloc....... L.......K.............@..B.................JK.....H.......<...,.).........h.A.....`IK.......................................{)...*..{*...*V.(+.....}).....}*...*...0..;........u......,/(,....{)....{)...o-...,.(.....{*....{*...o/...*.*. dL.. )UU.Z(,....{)...o0...X )UU.Z(.....{*...o1...X*.0..X........r...p......%..{)............-.&.+.......o2....%..{*........z...-.&.+...z...o2....(3...*..{4...*..{5...*V.(+.....}4.....}5...*...0..;........u......,/(,....{4....{4...o-...,.(.....{5....{5...o/...*.*. ...z )UU.Z(,....{4...o0...X )UU

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.CSharp.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1005840
                                                                                                                                                                                                                      Entropy (8bit):6.7186531276890715
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:06dJq30vVE6z8LpeNY+9whtbShFtHVu9yHesCGDUD3I1i:FQ34VEYKaY++tbiHVu9yHFgrt
                                                                                                                                                                                                                      MD5:9B2A6ABE569D6BFF344CF07D3DF523A3
                                                                                                                                                                                                                      SHA1:2856F7F922F70A44132D02C0723EC2FA91E1FEDB
                                                                                                                                                                                                                      SHA-256:099BC112DC645BC4A1FC453E3B4C1FC93A164BFAF69E84C85C2B6EFAC0F7FAAB
                                                                                                                                                                                                                      SHA-512:B649400460CF236197ED168702707FB7E81FE4AA3D2542EDC07B1D3E1C520C6ECA54F77F7ABDB2DB297AEA0BC82E7A07ABF99A89CB958FEC138CDEE4FDEC5E79
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                      • Filename: PDF-523.msi, Detection: malicious, Browse
                                                                                                                                                                                                                      • Filename: pkt1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      • Filename: dr0p.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...[............." ..... ...................................................0............`...@......@............... ..................................d....*..TQ...0...)...........;..p...........................................................h...H............text............ .................. ..`.data........0.......0..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.VisualBasic.Core.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1247496
                                                                                                                                                                                                                      Entropy (8bit):6.749340069071408
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:psvPzOPj/l89Sk2f+/eOUCxRepC3/Rk3isQFqULFL:psvPzOP7ymf+/TZq3id
                                                                                                                                                                                                                      MD5:B3D3DA24C19B47259D6C23F753AFBD8A
                                                                                                                                                                                                                      SHA1:923B52256967DCF9AE35406B803304CB97B5510C
                                                                                                                                                                                                                      SHA-256:816DE66126C5EFA65483B583F6A320C284E47FC7030F8CBD7DBED745FEDCD656
                                                                                                                                                                                                                      SHA-512:D959B6AFE6561084757F1E685167BFECCD94D44F41ADF98D8DF8AEED22296DC16C3484EFABF2EBBA7988825BE5772D51E1E179C91C8B52F024EFCDDAC77DFBEA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Y............." ................................................................Gx....`...@......@............... ..........................................d_.......)...........>..p...............................................................H............text............................... ..`.data...............................@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.VisualBasic.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17712
                                                                                                                                                                                                                      Entropy (8bit):6.610099146248559
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:6ku3cV6HxWmH639QdWSdX6HRN72YMTR9zUMq:ruMV/oWDg9za
                                                                                                                                                                                                                      MD5:3B3C142639335F9B615C0DE17BACB2D0
                                                                                                                                                                                                                      SHA1:C599AA74C3D0916D6E0BAF0949C5A6894145C6F2
                                                                                                                                                                                                                      SHA-256:BD36D4FD23D717FE88F2AFEB563EC6034D7FA482278156D99EF3CBF11EC2A5D5
                                                                                                                                                                                                                      SHA-512:87A3D33BE2DD049D906EEA8266FA4EE4694A81E3EE07F8205CACACC75B141605DDA2D454905BA0196FE26B8C7E68F9F2469AF2AEB4DD92FFA4A65F4C026AEBEF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J............." ..0.............B1... ...@....... ...................................`..................................0..O....@..................0)...`.......0..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................#1......H.......P ..4..................../......................................BSJB............v4.0.30319......l.......#~..,...t...#Strings............#US.........#GUID...........#Blob......................3................................K.....C.................................J.....~...........b...........G...........c.....................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.Primitives.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15624
                                                                                                                                                                                                                      Entropy (8bit):6.833706261769825
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:eiBpXxu0xtWhPMpWfpWjA6Kr4PFHnhWgN7acWtNfKUSIX01k9z3AGxdUK9:eiLBPWhPMpWfYA6VFHRN7Gh2IR9zJn
                                                                                                                                                                                                                      MD5:9B22CFB5BED886C6969E9C2BCA6AC35C
                                                                                                                                                                                                                      SHA1:10136331C4C4C97581055C94AE57D96DAA050FC7
                                                                                                                                                                                                                      SHA-256:150CE7473F17D708E846CCAFD9BEEAB9C341C28A130F6E37630ACAA622754A8B
                                                                                                                                                                                                                      SHA-512:E0C31B87191F833492149D9E17FB0CEB6FE15E0E053FD5959223835719F727B9524D6FA4E33EA167FF26CD912096AA455F0E6EA16BD377722D7BF9F2400B760F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<.|..........."!..0..............)... ........@.. ..............................=.....`..................................)..V....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ......................................$.....,X.k..C..9.......q..C.m...:...Qr.......Ia.Gz..@.|.s.ERw+.Y..wUD...Ks=S..2>D].o7.Qc.-.w.N.5.._.X...p.|..$...2.KHs....BSJB............v4.0.30319......`.......#~..(.......#Strings............#GUID... .......#Blob......................3................................................"...........;.l.........f.....!.E.....E.....>.................E...[.E.....E.....E.....E...B.E...O.E...v.............

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.Registry.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):121128
                                                                                                                                                                                                                      Entropy (8bit):6.1482993626679106
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:hR1cNXwrxM7wECif70JSvEVcULVi+Ril1dPC:iNIcFC270JSvEVzvC1
                                                                                                                                                                                                                      MD5:C2DC11B82A094AFCE0E4810E4FA50723
                                                                                                                                                                                                                      SHA1:769A8C969BB7EC7CA893C1939D2500BB367CF565
                                                                                                                                                                                                                      SHA-256:19EAB1189558EFEFB90F34B012B8182DFD3C707463F5E0D4F5C0D810156A5ED8
                                                                                                                                                                                                                      SHA-512:0083FFF0E424FF80B3F8A632F139AD267A14D1419ABD1B68BAF1FC84BD2E5739E805ADF10EC79D7FA325BAC553CF7F0D84C846425638292C550CA3957AF46DAB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....p...0......................................................5.....`...@......@............... .......................................4..........()..........8...p...............................................................H............text...[h.......p.................. ..`.data...a........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Microsoft.Win32.SystemEvents.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):50248
                                                                                                                                                                                                                      Entropy (8bit):6.289462537946871
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:zSXwygO6T53MF09ipSJkKFZGf9PTIG57raN8q8j76P5:zS596T53MoipSlZsVTIMvaN8Hj76P5
                                                                                                                                                                                                                      MD5:EF50BD977976ED929FABEAF6C9241C45
                                                                                                                                                                                                                      SHA1:AD004278F0C66CF0086C1024CE46B04852DE6ECA
                                                                                                                                                                                                                      SHA-256:1D5BBFB227F20E866CF25F649A059B61C3F35336F69EBD19B8EDE7B6E14A7414
                                                                                                                                                                                                                      SHA-512:5ED13DEBF26F120C80C09DF572571B3BB05FCABEE7B1C7D945D2D767B13A2FE1C5861CAD4FA1FEA1658357FB025F9237F7AE2DE510DB120CFF6EF4041D5F6707
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6)q..........." ..0.............:.... ........... ...............................X....`....................................O.......................H$.............T............................................ ............... ..H............text...@.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........;..pt..................d.........................................*..0..1.......(....,..%-.&.*..(.....o.......&...,...o....,..*.*....................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%....(....*......( ...

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\Newtonsoft.Json.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):712464
                                                                                                                                                                                                                      Entropy (8bit):5.960816598800232
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
                                                                                                                                                                                                                      MD5:ADF3E3EECDE20B7C9661E9C47106A14A
                                                                                                                                                                                                                      SHA1:F3130F7FD4B414B5AEC04EB87ED800EB84DD2154
                                                                                                                                                                                                                      SHA-256:22C649F75FCE5BE7C7CCDA8880473B634EF69ECF33F5D1AB8AD892CAF47D5A07
                                                                                                                                                                                                                      SHA-512:6A644BFD4544950ED2D39190393B716C8314F551488380EC8BD35B5062AA143342DFD145E92E3B6B81E80285CAC108D201B6BBD160CB768DC002C49F4C603C0B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)..........." ..0.............>.... ........... ....................... .......m....`.....................................O......................../..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............9............................................................(....*^.(...........%...}....*:.(......}....*:.(......}....*.(.........*....}.....(......{.....X.....}....*....0...........-.~....*.~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..|....(......._..{........+,..{|....3...{{......(....,...{{...*..{}.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..o....aX...X...o....2.....cY.....cY....cY..{......{...._..+&.{|..

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\SQLite.Interop.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2005688
                                                                                                                                                                                                                      Entropy (8bit):6.582595751983885
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:tQ/IZ0sF2Ou+pqnX3lJ1nCHmWbk8d7hLJ:tQ/rHnkJ
                                                                                                                                                                                                                      MD5:4930777866B1FDAED2AB80B0FB8793B6
                                                                                                                                                                                                                      SHA1:E2686B9AC7C3867C644902805142F1F42BAE7645
                                                                                                                                                                                                                      SHA-256:1111916DC329A13BD627B2CD90C9B2263DE9923FD0BB6059C69C52332F360C37
                                                                                                                                                                                                                      SHA-512:D294E9D638FB6D579FDFD69A9F098B2D8087FC6C1C240496CC99804980284352299B52B9A2D6B1D1289FFDC5F5ECF364E67EB32E7B4A9A8DDF20C723F9FA28D5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................:..........!.....!.....!......I....w.(....-p.......6...=!.....=!.....8!.....=!.....Rich............PE..d....Q.f.........." .........d......................................................M.....`..........................................u..8...8...x....p....... ...>...F...T..............p...........................p................................................text...o........................... ..`.rdata.............................@..@.data....p.......R..................@....pdata...>... ...@..................@..@.gfids.......`......."..............@..@.rsrc........p.......$..............@..@.reloc..............................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.AppContext.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15664
                                                                                                                                                                                                                      Entropy (8bit):6.754633849646731
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:FYjgxACvaW+S7WFlWxNzx95jmHnhWgN7aIW+/yaYHnsTX01k9z3A1dcdL:Fk+NaW+S7WFGX6HRN7BnYMTR9zUdAL
                                                                                                                                                                                                                      MD5:CA56A8F20FBC0DC300136A7F52CE5448
                                                                                                                                                                                                                      SHA1:3BC48E9E7EBFFCBDE4A0018ABEE27077AA22C90B
                                                                                                                                                                                                                      SHA-256:1EE0C49348E8F269D65096B2A749E81E06ABED0796BE768D5383F174B3EBED61
                                                                                                                                                                                                                      SHA-512:2EC0A88FE112AC840DFBC7992028B85FF216AFF944483F1FC518A5E5E3822A6E7A2E7995E22464A07E3089680664D87124A1F1B1C3036C0F19B643FDF16F5D50
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............(... ...@....... ..............................w'....`..................................(..O....@..h...............0)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................('......................................BSJB............v4.0.30319......l.......#~......<...#Strings....H.......#US.L.......#GUID...\...|...#Blob......................3......................................................x.....3...........^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Buffers.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15656
                                                                                                                                                                                                                      Entropy (8bit):6.745504174553825
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:/XlE3V0WYZ2Wh8pWjA6Kr4PFHnhWgN7aIWH9qLrRGhFKeX01k9z3AB+Bf5e:99WYZ2WCYA6VFHRN7Cu0R9zI+1
                                                                                                                                                                                                                      MD5:CAA67B5CB207447441AF97F77A8D28EE
                                                                                                                                                                                                                      SHA1:00321E60DB8F53DAAB0AF1D86F090B6B77CA2F0B
                                                                                                                                                                                                                      SHA-256:49BD03FF5EF094D48ACE745D8F5C81077D28551CCA08B16D4C4DFAFAA352E43A
                                                                                                                                                                                                                      SHA-512:4F886B2E093397A857F69B1635BF3B6ABDD181D17FF21F19AD99916894A684AA35D834FDD03EFEF846AEA6BC99E42D4FBAA7E50EF2400CB818A301A285841B8E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F7..........." ..0..............(... ...@....... ....................................`..................................(..O....@..X...............()...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~......@...#Strings....L.......#US.P.......#GUID...`...|...#Blob......................3............................................................?.....!.....j.....%...........U.....k.....:.......................!.....S...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.CodeDom.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):183576
                                                                                                                                                                                                                      Entropy (8bit):5.938875075706144
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:bMKminLBDcR+s0sK1eW0F5PIlwbrebRYSH+lTWh1vQ44:3LBk0s3hebCSKisF
                                                                                                                                                                                                                      MD5:3F5C6DDD8CC2B92E7BB742ADDB3EA650
                                                                                                                                                                                                                      SHA1:677800EB1BC1D5EFB1F77D4ACB4164A10A7DA0D9
                                                                                                                                                                                                                      SHA-256:8D9C04FED7926CD1332DCCCE32E65BC32D19A5DF7737EDE981BD136A0EA372B8
                                                                                                                                                                                                                      SHA-512:F58C9C034DBD33BA3196DAFF5D4B2F53A6CBBD8D2E350C4944A8B883D858B991614651444762B62D90BC10863A41EF73F3A9E4B689673D190BA15C033091A737
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....LP..........." ..0.................. ........... ..............................{.....`.................................i...O.......X................)..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...X...........................@..@.reloc..............................@..B........................H.......`Q...W..........................................................z.(....-..(....,.r...p.(2...*.*"..(....*2~.....o3...*..o4..../..*..o5...._3...o5...._3...o5...._.....*.*.0.............(6...,..*..8......o5.....(7.....E................................................................................+...+..,..._...*..+..,....(....-..*..X...o4...?l....*....0..s.........>5T..$YE....0...7...0...7...7...7...0...0...0...0...0.....:YE........................+...[....]....`..+...

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Concurrent.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):276744
                                                                                                                                                                                                                      Entropy (8bit):6.728786186995529
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:3PA2HHj4tByYOTblcFe4khyO2bIykwXLbn:3I2Hj4tBypHfhD2bIrEXn
                                                                                                                                                                                                                      MD5:B9B20837FC21F3B6C7DC96118F58A584
                                                                                                                                                                                                                      SHA1:A1E60495DA508FACB76031996ABCA51306078142
                                                                                                                                                                                                                      SHA-256:4CC75A63FED0A6388C95628EFBEA788408E4167595D8F3980BCD2BEB9B439541
                                                                                                                                                                                                                      SHA-512:720FC092603432E3640C9B4C71C969403D2BF400E1C2F7EF1F0C46D85E8A31147113C0A191A1A3180D9FE26337C3E1D0F6BA38505BC8146156A88841F8FFBECF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....(..........." .........P.......................................................#....`...@......@............... ...................................... n...........)..............p...............................................................H............text.............................. ..`.data...h=.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Immutable.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):837928
                                                                                                                                                                                                                      Entropy (8bit):6.723068549493689
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:arJR+uRoPwKMeN8/98vTU4dQEE3k0T9YLVgHr4iuGvNgllggskj:m+u68abw+CMiz2llas
                                                                                                                                                                                                                      MD5:B55D4397AF5909E22B8B50E6D6E35385
                                                                                                                                                                                                                      SHA1:0335B1040CC5339FFAA7833842FDCB1424A19B30
                                                                                                                                                                                                                      SHA-256:6446E921CF1D5E9B7E9CCE08E1061206129A1D29407B59FF48CBB44ADDBC082A
                                                                                                                                                                                                                      SHA-512:5A2B196A715BD4334F8A35A61E09C5EA620B710185B18A6DC93E7496367FCA292F3492663C0AC5739BDEB3090E472543F50729C3394FF7B133AB582FCB9E8270
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...1Y............" .....@...P............................................................`...@......@............... ..........................................Hr......()..........( ..p...............................................................H............text...P0.......@.................. ..`.data...L$...P...0...P..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.NonGeneric.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):104752
                                                                                                                                                                                                                      Entropy (8bit):5.951214543616432
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:XHs0tJVDX9LOIbwNC5IQ7XVrMZqz9AOWSUdbWKvzd8:XM0dzNOIc+IQLGZqzKOOZR8
                                                                                                                                                                                                                      MD5:D8E1F2706EDBBB0D5283E866FD6B5A68
                                                                                                                                                                                                                      SHA1:5893B4B685A2172D37DF5519AD00F02B5132DB50
                                                                                                                                                                                                                      SHA-256:891A7B6BAA99B3A98D33947E69CB35F415BF735D9515DA628D6624BD64595BBE
                                                                                                                                                                                                                      SHA-512:82F5FCA1138885BF890EA262B7B453E05C76095A7C80F66D2F90CAC91B374153A7E53B4F0C215B389BDAFF63F91DC52912382960E24C646429E12908AB2FECA5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...c............." .....0...0...............................................p............`...@......@............... ......................................H0.......p..0)...`..........p...............................................................H............text...:+.......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.Specialized.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):104760
                                                                                                                                                                                                                      Entropy (8bit):6.023688556329198
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:/AKdRfAUP9WSJLeI620hCYCARk4YIAO8xocgO50/d0VIOXWShzpS:/AKfASpeJDPAOSocgOa/OBXhhE
                                                                                                                                                                                                                      MD5:408636AD69D82964450D11E2BC2B063E
                                                                                                                                                                                                                      SHA1:C6701A74D0993B7E8242DC45C73C47CF38A8CF1C
                                                                                                                                                                                                                      SHA-256:B2EABD2CC9923818F6D1BDFB3E9CFE02A54D6327DCC4AECCF61F895E0E02E67A
                                                                                                                                                                                                                      SHA-512:FC252CB0E6B778E410856C1D8B2E00A925C8C6A31E8622687D56D641DC54DAD004507AF4A23406448D1410CB618F7689704E0D504B55A68BA2BD6BD05E8254A5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....<..........." .....0...0...............................................p.......y....`...@......@............... ......................................x1.......p..8)...`......@...p...............................................................H............text...1).......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Collections.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):260400
                                                                                                                                                                                                                      Entropy (8bit):6.618537900857936
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:unxoXLUDXDiKNYX8qTKfAyryS1rIgD3lgT:mxCUDXDiQ+jTURrhFLlY
                                                                                                                                                                                                                      MD5:F79C5255B5A8113246917AE7681E4A24
                                                                                                                                                                                                                      SHA1:CC1B9BED6269BB109657A3BBEC56F54C31444B0E
                                                                                                                                                                                                                      SHA-256:5B20181EE4E188AA6B328C107FEE9506E63EFE3A4F9D2C3517EF2972B6AA1211
                                                                                                                                                                                                                      SHA-512:731AB48B1913FC9BA4F8D25EB497EF860796FFCA7364AC91D18BE2DCB243CDA6BAE0BD141CD6B8CB77C940253FE642BD44D85999003DD5701BE9242A6BDAB5BB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....;..........." .....p...P......................................................7.....`...@......@............... ..................................t....[..8.......0)..............p...........................................................x...H............text....g.......p.................. ..`.data....>.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.Annotations.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):203048
                                                                                                                                                                                                                      Entropy (8bit):6.207009954800782
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:Fyzc/yxHdJdq+4dCLLe6Yfn33wmMWQArD5/oE5bF6fLUV/Yqp:omyx9env3wzWQArcUV/Yy
                                                                                                                                                                                                                      MD5:60AC5526E44A9F031F87CD84CEC7140F
                                                                                                                                                                                                                      SHA1:4DFF306D8D13C393EB5924BACF4788397FE29B03
                                                                                                                                                                                                                      SHA-256:7ABBB89A3B170A9DB8894B7B6E24A6CE99340F6938E1B78A1DE0A941B8B5BB61
                                                                                                                                                                                                                      SHA-512:18F1B98E350D32DB9269CCB8B650D9E433BC18CE5CBC69B37082E182B3793900616D60814215FE6C5B39C2811A5A9153B6D0BCFD8BB00DA499AB8CA76410CB78
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...er............" .........P............................................................`...@......@............... ......................................8I..p.......()......L....!..p...............................................................H............text............................... ..`.data...M9.......@..................@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.DataAnnotations.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17176
                                                                                                                                                                                                                      Entropy (8bit):6.675054821557407
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:BjpmblJeIeGXxlkGl0Wu+XWEtX6HRN7klMR9zPyjO:BLc/Wk69zKjO
                                                                                                                                                                                                                      MD5:F8ADC8C164B2D4E9D87DCABCBDA95B44
                                                                                                                                                                                                                      SHA1:2D78A2C285FD096612530ED90BF7FBA8A2AE1392
                                                                                                                                                                                                                      SHA-256:E49B3F50FDB62357C70C944EF84DBCDE9DA86D2833882EA08AC28B1D3DA0EBBB
                                                                                                                                                                                                                      SHA-512:254E544BE19F32F0DF65627F80EF5D456B52FE38DCA7F1B498839649318CC6A60EC0B81984548BBB20A39753EC4904EC74AD057D2DE2D128CAB81E1FE5444143
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a.g..........." ..0.................. ...@....... ..............................1.....`.....................................O....@...................)...`.......-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H.......P ...................... -......................................BSJB............v4.0.30319......l.......#~..l.......#Strings....,.......#US.0.......#GUID...@.......#Blob......................3................................+.....S...........................3.......9...O.............}.........}...........$.....A.....d.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.EventBasedAsync.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47368
                                                                                                                                                                                                                      Entropy (8bit):5.343354931264753
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:fWvPwWlrTB3PadWBj/Dqhzq1c8dgfL9ikyr46JXfCvDXxO88+aEZ4jIwVPBvAN4x:MflmYlkB9n88IVJg86FClUU9zwa
                                                                                                                                                                                                                      MD5:8118646098B1A4570BB29A5D867A1983
                                                                                                                                                                                                                      SHA1:58787C4A3E3285BA9C7E7B7574C552467FD96F6F
                                                                                                                                                                                                                      SHA-256:6C2BA61732037024199D6CB5841E41A51370399ED8E9402D20D378C4C79DCCDC
                                                                                                                                                                                                                      SHA-512:2CA167E4AA6DEC9B3C811F22DE33FF92DDA58E170EBD322DE54D1725AB6A47403DA7D595A18BE7F72DB2C28C03E620F2505992B29E32BA731E5E442AEE9DF023
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...AM............" .....`... .......................................................$....`...@......@............... ...................................................)..............p...............................................................H............text....W.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.Primitives.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):80136
                                                                                                                                                                                                                      Entropy (8bit):5.846320393478092
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:MI5/UZMu4Thd+Cv8A/oqevD2olsmIbktDinxze:Mr4X+S85qKD2ommIiOK
                                                                                                                                                                                                                      MD5:BC478FC2764A94C56E69E9E38A51452A
                                                                                                                                                                                                                      SHA1:1C199BF6064992A5A81472B091A01F45B4442889
                                                                                                                                                                                                                      SHA-256:304635DBC025B5C3BFF78DF48C19980E9B52C632A7D3C145B61288F546293BF7
                                                                                                                                                                                                                      SHA-512:AE81A6CE5E66CDDE1B074474459DB6081C627B8B38E0F959EBCDEE02AE935BB022E66F39A4451989AA59E3EBB15CE3052CC23DDEE4C9DB5E6649D33EAEE484B6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....N............" ......... ....................................................../l....`...@......@............... ......................................<&..X........)..........x...p...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.TypeConverter.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):747824
                                                                                                                                                                                                                      Entropy (8bit):6.643641560609559
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:8tbWtrTblAqmrIofhCXvdb+/ipZ76GaEFBiXMSuD7QLohk+xLRxw5:81WtrFlmrNfhCXvdb+/ipeEFBiEDMSk1
                                                                                                                                                                                                                      MD5:DB6BCFE78A5A8BA98D4042A2567933F2
                                                                                                                                                                                                                      SHA1:463D999211CCE7B669437DF3935BE627DCDE8E7B
                                                                                                                                                                                                                      SHA-256:CD7E2EF84253D24807DD61EF644F5AD8042656340DD02830E3F22E6A7EAB8D06
                                                                                                                                                                                                                      SHA-512:FD099BFB3C1328602458C6F2C4F7C9FD470CBB0ED78CEADBE70F92E4860701AF956504A4C18443DCCBA63A819D764F1FD3CD3E82A21214FC5189EE2BD0D1C8A5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....s..........." .....P...................................................@.......&....`...@......@............... ......................................p....X...@..0)...0......x<..p...............................................................H............text...L@.......P.................. ..`.data........`.......`..............@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ComponentModel.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):30984
                                                                                                                                                                                                                      Entropy (8bit):4.326509735182786
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:+W4I1Wzqib+d0PMpYA6VFHRN7UYJ2R9zU3:XF5FClhK9z6
                                                                                                                                                                                                                      MD5:040F8D89AA869EBAE8DD21141ED326B0
                                                                                                                                                                                                                      SHA1:DD4B5B58DFE497F76F61891B8E62695310262896
                                                                                                                                                                                                                      SHA-256:0BF9E3E6C8327B7DB4372F27507A71BF0EF06B22F042BBACF4A860F0922BE1FE
                                                                                                                                                                                                                      SHA-512:6AD73EBE3CB5FE756D5BBACDF6BA09D490D619A1067DC2B6945871F6B7EE5C8901C45B491A26B23E74B8911F396F61EA9A88DE4B2F6BACD1CBF9E20496EF527A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....X............" ..... ... ...............................................P......)+....`...@......@............... ..........................................0....P...)...@......8...p...............................................................H............text...1........ .................. ..`.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Configuration.ConfigurationManager.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):375912
                                                                                                                                                                                                                      Entropy (8bit):5.984458134179533
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:b28/xHM7l2JzUcq0RmVyiyYWu5nhezpmQiKyTgQ+2/NVQ8GLa0Uh55T3lEC/IOPv:b2ORklOELVIuJhel3Q+2/NVQ8GLa0UhB
                                                                                                                                                                                                                      MD5:70E81BFC1DCCE3AA3AB30C3ABAF3EA53
                                                                                                                                                                                                                      SHA1:2132451E6DC8B1C18568181DDB5D697A491EF7FA
                                                                                                                                                                                                                      SHA-256:4668F89524FCB4D71950E0AD7E0D56E5E5DB2C70E395AD49F7DB6A8164CC50D6
                                                                                                                                                                                                                      SHA-512:37B143C9FF3D06D87B07BD2118A22B48F7DA590E5AE0C03D40A9B9BBBE45A184F091A23FB6CB7CF0FF8BA68E06815078D8E0738CAA4529666E2C98C6F7F057A0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....@..........." ..0.................. ........... ....................................`.................................0...O.......4...............h$.......... ...T............................................ ............... ..H............text... .... ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B................d.......H......../..T................{............................................((...*..((...*..*..0..1.......(....,..%-.&.*..(.....o)......&...,...o*...,..*.*....................(....,.r...p......%...%...(+...*..(,...*.(....,.r...p......%...%...%...(+...*...(-...*.(....,!r...p......%...%...%...%...(+...*....(....*..,&(....,..r...pr...p.(+...(/...*..(0...*.*.(....,.r...p......%...%...(+...*...(1...*.(....,.r...p......%...%...%...(+...*....(2...*.(....,"r...p......%...%...%...%....(

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Configuration.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19760
                                                                                                                                                                                                                      Entropy (8bit):6.50388265626174
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:TMXTSv/fUNRvGZYdf3zyP/weP+YHTWvANWxRX6HRN7h9bt5R9zExRK:qQPVKWjx9zsK
                                                                                                                                                                                                                      MD5:96C347B57AAA9AB1CFA8365585E9C9A1
                                                                                                                                                                                                                      SHA1:17B2B2F1019CC93ED1AEF0BE445CB1053C01341B
                                                                                                                                                                                                                      SHA-256:19C65DDFD1C484306C928BB8AE838215F7A689E757326791E50FD3C488CD1284
                                                                                                                                                                                                                      SHA-512:EC1DC25698B055F2C72A435F7C62B93635959A09C142D8908C2B03CEDF45B2E138A27DD227F4CAFA701897B8A305071346056DFE9017A1E0229C6A640B36660A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=#............" ..0.............v8... ...@....... ....................................`.................................!8..O....@...............$..0)...`......87..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................U8......H.......P ..h....................6......................................BSJB............v4.0.30319......l...h...#~..........#Strings............#US.........#GUID...........#Blob......................3................................h.................2...%.2.........R.......b.....U.....U.....,.....U.....U.....U.....U...3.U.....U.....U.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Console.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):174376
                                                                                                                                                                                                                      Entropy (8bit):6.280397830530098
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:zqPlmXCzdfd6+Vfz5mDVV9evshARZvgL4OUgZjZXR1BB1GlKi7:uPoXifd6qwV9eEh2ZvgmQ9bB2KG
                                                                                                                                                                                                                      MD5:E58A5726978B1DFD94B6B4CB38102340
                                                                                                                                                                                                                      SHA1:D1A561662830FD01351341CA862BB93191095338
                                                                                                                                                                                                                      SHA-256:8469DEB8C7D532E8857F5C68DEB291035103DEE3698BF5005F4E08C5BD05775A
                                                                                                                                                                                                                      SHA-512:2D7B698720D7AB2E8535A68AFA3ABA41D39A888D05E59454CB7E35EE04E9E3CAEF52EA9BE46BCD8E28C7EF4E4098F168D7D0580347A9F980893198995301A388
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..._.>..........." .....0...@......................................................c.....`...@......@............... ..................................T....<..........()...p......`...p...........................................................X...H............text...}!.......0.................. ..`.data...."...@...0...@..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Core.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):23848
                                                                                                                                                                                                                      Entropy (8bit):6.307580885714362
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:/S9H4Ay0l9Jr3OzFPhoact/iKMePLexkrW1rU1ZXt5zElfWXJ2WoYA6VFHRN7kxJ:K9H4Ay0l9Jr34FPhoact/iKMePLAxivR
                                                                                                                                                                                                                      MD5:85A20E6FF4565669D120A52C00B12775
                                                                                                                                                                                                                      SHA1:4C648D4161C9FD6C7FAABCDE1ED7F45A68E98A50
                                                                                                                                                                                                                      SHA-256:CC23F980E20FCED097A234AEB379D9C9C1F5235B93126709199815E96D8F2217
                                                                                                                                                                                                                      SHA-512:96DCADABD7A73584BB58459404ECD011F088AFE6BF92E413BBE69F9EC329B651415405838100513358DBF09A3EDEC23792A6C54C9BDDFDBE74870BCF74421180
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..*...........H... ...`....... ....................................`.................................wH..O....`..8............4..()...........G..T............................................ ............... ..H............text....(... ...*.................. ..`.rsrc...8....`.......,..............@..@.reloc...............2..............@..B.................H......H.......P ...&.................. G......................................BSJB............v4.0.30319......l...<...#~..........#Strings.....$......#US..$......#GUID....$......#Blob......................3......................................................i.......G...........................:.n...J.t.....t...P.................C.....`...............................................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................I.....R.....q...#.z...+.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.Common.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2861368
                                                                                                                                                                                                                      Entropy (8bit):6.795825527603884
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:9flMLj5HODx+ncGZUG3k+mywJOHPxIyiNgnssolXWMW03Rz7F5hBh0TX1G:lOCOZIunssolXWMW03Rz7+Tw
                                                                                                                                                                                                                      MD5:38154C0B1654E7B38878A8D20A804979
                                                                                                                                                                                                                      SHA1:EAE6B02D412B61A64E9FE87B62B77B0A940CC899
                                                                                                                                                                                                                      SHA-256:85614A082FDB244379E34EDEA86AE8B7DAA71EFB61E52868675E5DA7685FB72F
                                                                                                                                                                                                                      SHA-512:1E487C6AF8DEF70C168B86843113BE3B0DF15CD978C68FBDC65A0F371276428731241EF315C192E85BE27234CFA6EB1072E48778C36B8845C8DA86E9614CAA73
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...h.w..........." .....@)..0................................................+.......,...`...@......@............... ..................................t.............+.8)...P+..-......p...........................................................x...H............text....8)......@)................. ..`.data........P)......P).............@....reloc...-...P+..0...P+.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.DataSetExtensions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16184
                                                                                                                                                                                                                      Entropy (8bit):6.666464376103628
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:gmoHF/wAisWaS7W5hWxNzx95jmHnhWgN7a0WO8flXefqg7i1X01k9z3Axpzu8:HoVWaS7W5KX6HRN7QYR7i1R9zORu8
                                                                                                                                                                                                                      MD5:9783A0CCD5A64883445821E1F071076F
                                                                                                                                                                                                                      SHA1:C710BFBB818BF9F27F123F07E90DE7DC98C9F6D8
                                                                                                                                                                                                                      SHA-256:55E5BD120160DDD157A2F11C8D8F9AD99972BAF1FA78C37647B0A34F268AC0DC
                                                                                                                                                                                                                      SHA-512:23052276DD8F811D240A277FE3C7C77743FAEADC54548E4EE712D5AC4DB7921988406E66B9CEA24A0AF1D73A4D31AFA14E2ED81E87C1F874EFC36C7DF4FDE785
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[@..........." ..0..............*... ...@....... ....................................`..................................)..O....@..................8)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................8(......................................BSJB............v4.0.30319......l...0...#~......@...#Strings............#US.........#GUID...........#Blob......................3................................................E.............|...............i.)...'.).....".....)...~.).....).....).....)...e.).....).....E...........v.....v.....v...).v...1.v...9.v...A.v...I.v...Q.v...Y.v...a.v...i.v...q.v...y.v.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SQLite.EF6.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):206520
                                                                                                                                                                                                                      Entropy (8bit):6.121139897829129
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:olRykDX+8KI7qTvPAIdF5/UO6KP8cyRL0LB:o/yf84DXn6KP8cz
                                                                                                                                                                                                                      MD5:0F3EE51C596E7557ED49BDDD1E57F7C9
                                                                                                                                                                                                                      SHA1:6B9E56A3F1A4847D1756F7F352EBD695D375BE27
                                                                                                                                                                                                                      SHA-256:4F7CB99BED4C0C2E0E221A9487C7697F8C882E7288FFB993908E592FFF5446D5
                                                                                                                                                                                                                      SHA-512:520BCCE956E752EEF6EF6FDEA1685D4F3A311BAB1BBE9B4DB20EE5F199EA76444D538C6588AE4250ADC2A9E14B1073699C4B41940E6554BE0BEFA04835CEC63C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O.f.........." ..0.................. ........... .......................@......Z.....`.....................................O........................T... ......4...8............................................ ............... ..H............text...(.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......................DW..p............................................0..,.......~....s .......o!......r...psn.....r...po"...&.o#...o$....o%....o&...&...r/..po"...&.o'...o(....+A.o)...t.....,...+..r9..po"...&%o*....o%....r?..po"...&o+....o%....o....-....,..o......,*.........or........o,...o"...&.rG..po"...&.o&...&.rQ..po"...&.o-....o%....r_..po....&....o!....(......oo...Q.o/...*......_.M........0..n.......~....s ...%..rc..psn....%r...po"...&.o#...o$....o%...%o&...&%rQ..po"

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SQLite.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):446136
                                                                                                                                                                                                                      Entropy (8bit):6.166664458043378
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:x87lv7mxYhdYzX8/4uqBIbQGEZnFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpA:efhdYzX8/dbMXA
                                                                                                                                                                                                                      MD5:2CD89BD306B2E852F70CBF49C2DD1C92
                                                                                                                                                                                                                      SHA1:8D37E741238CF895E59DD73911F6D6883F9A469E
                                                                                                                                                                                                                      SHA-256:FA3D7678272B10DFA0BE3D959F0AEA38A58B75CAF1BBA06D6781218CED489620
                                                                                                                                                                                                                      SHA-512:CED25645B62D531E5E6CD629BE8DF0BD7859FF2FB52E80C67836A5C50DB011F4EEA017B34EB5005C64CB0E792ED11B716778D1C24D756508F555E42EB758C11F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O.f.........." ..0..p............... ........... ....................................`.................................7...O.......p............z...T..............8............................................ ............... ..H............text....o... ...p.................. ..`.rsrc...p............r..............@..@.reloc...............x..............@..B................k.......H........n...x..................<.......................................:.(9.....}....*..{....*:.(9.....}....*..{....*...0..........(:.....-..*.o;...*...0..T.......~&.........(<....)...(=...-.~'...(>....(?...s@....)....)...(A.......,..(B....&...*.*........;C..........MM.......~,...._...*.0..(.......~&.........(<....+............,..(B....*.................0..........~&.........(<....+...(=...,.........,..(B.....9....(C...r...p......%.(..........(....(D...(E...&.8.(C...r...p...

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.SqlClient.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1023360
                                                                                                                                                                                                                      Entropy (8bit):6.148689002721556
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:9SqIAB+KyECe4rnKwJyjyIcAL07LgUulGC9337lTQaf60FhFoFmF8cjcsc4FEFbZ:9SqIAB+KyECe4bNyjyIcALCgUud7lT
                                                                                                                                                                                                                      MD5:0AEBC8E926BD1F1269E5A053B6B541DD
                                                                                                                                                                                                                      SHA1:B40671A4D2973A1E4D71DC674308B8883EBE58F9
                                                                                                                                                                                                                      SHA-256:5F79C075D83904AC64510C3DC77E45980EA38B82204E39C3913531BFFF78585B
                                                                                                                                                                                                                      SHA-512:AB5D8F401F86C911DE64D8083E507C63012D9CED7AF32FD28414104E4C2E89305FBE09C49EBE9F1B2AE45FE1F45C9179BCFA4A2324D8DA1201769FAEB11F1A45
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@)............" ..0..p...........{... ........... ..............................,.....`.................................1{..O....................z...#..........<z..T............................................ ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............x..............@..B................e{......H.......@...$...........d"..XW...y........................................{E...*..{F...*..{G...*..{H...*..(I.....}E.....}F.....}G......}H...*....0..k........u......,_(J....{E....{E...oK...,G(L....{F....{F...oM...,/(N....{G....{G...oO...,.(P....{H....{H...oQ...*.*..0..b....... .e.V )UU.Z(J....{E...oR...X )UU.Z(L....{F...oS...X )UU.Z(N....{G...oT...X )UU.Z(P....{H...oU...X*...0...........r...p......%..{E....................-.q.............-.&.+.......oV....%..{F................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Data.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25384
                                                                                                                                                                                                                      Entropy (8bit):6.290197216885165
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:DWAAaFiTCmM82SuxDJQqMWioFWNwYA6VFHRN7IYMTR9zUQ5:CpaFiTCm0DJQsywFClVg9zR5
                                                                                                                                                                                                                      MD5:7AA4CC0823A68484980CCB05380826C4
                                                                                                                                                                                                                      SHA1:7A74462318DDB1B472CA7DD9BB30B05AF2C38CB4
                                                                                                                                                                                                                      SHA-256:04C204B1FC3B287A1C236AE14A6B397FB32BAB493FCEA64EBA78C8BB234FA37B
                                                                                                                                                                                                                      SHA-512:D7A58F21889D0CBE1AF6BDF1F009D00EA66B79512F05613EE429964CE6C789FACA1B5CEF6DDFB463D607C498A7BE671601DDC18474124E2A184049222F543C9A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w,..........." ..0..0...........O... ...`....... ...............................q....`..................................O..O....`..8............:..()...........N..T............................................ ............... ..H............text..../... ...0.................. ..`.rsrc...8....`.......2..............@..@.reloc...............8..............@..B.................O......H.......P ...-..................LN......................................BSJB............v4.0.30319......l...T...#~...... ...#Strings.....+......#US..+......#GUID....+......#Blob......................3................................<.....H.........~.......................).r.........;.................Y.......................B....._...................#...........................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................R.....[.....z...#.....+.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Contracts.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16664
                                                                                                                                                                                                                      Entropy (8bit):6.674104191430389
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:meVamI4NZKxZ88W6Z2WIW1AWxNzx95jmHnhWgN7acWnFx6RMySX01k9z3AcyFaZr:DVae+y8W6Z2WVRX6HRN7SuMR9zPyoa0
                                                                                                                                                                                                                      MD5:53A5965A6A8EA3D8EC5FA56EB53A88A4
                                                                                                                                                                                                                      SHA1:669AF6E47FFE94CC600E21A4EB052C05F65BFF01
                                                                                                                                                                                                                      SHA-256:F8179EF7837F7BF555720B9FA8C49243365794C28D2F7381E612BFC548681DF7
                                                                                                                                                                                                                      SHA-512:BBA0CE25676F1B97E4442EEF0FF0410E67DAA780AD18FFBEB61462ECB6846AA82C3AD5806656A4048111807096BF359951E2D628EF77D5923ABCEE57FC855156
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..............+... ........@.. ....................................`..................................+..N....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................=......mO9Y.F.&w.(6....?.8.EG..;.J..B.j-........<Z>R._......d|Y...!.tv.k.|;mV..b.^2.<...p........4.......2.\x?.LJ]f.l.&?....BSJB............v4.0.30319......`.......#~......H...#Strings....4.......#GUID...D.......#Blob......................3......................................Z.........9.........................,...5.............{.........F.............................#.....p.........................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Debug.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16176
                                                                                                                                                                                                                      Entropy (8bit):6.74420130921519
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:jXfMxA3wKbW25mWHWWxNzx95jmHnhWgN7aIWN4uvpGX01k9z3Af/8ROnkxh:jCIW25mWHdX6HRN7yxpGR9zqCOSh
                                                                                                                                                                                                                      MD5:200A2EF8039A866C29F6646C08C916A0
                                                                                                                                                                                                                      SHA1:D9AFB3DCF376FDF153D5B0F1AE6167660DFB1FEB
                                                                                                                                                                                                                      SHA-256:F587E4D5F4347D8851FE63FD165FF3AF6F0A0D7EDB22DC9EC13878CC5342AB2B
                                                                                                                                                                                                                      SHA-512:51BEB0733A184397ED605D483D0EF47F7A6B6DA05666DB5175CBDB8CDEFB90E4D6BFDB0C59E118796E9851108D590F2EADF3CF07944424C05276BD9F8A64E25C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+............" ..0..............*... ...@....... ..............................+.....`..................................*..O....@..................0)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................$)......................................BSJB............v4.0.30319......l...H...#~..........#Strings....<.......#US.@.......#GUID...P.......#Blob......................3..................................................W...R.W...g.D...w...........0.....w.......................>...........................................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>...Y.>...a.>...i.>...q.>...y.>.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.DiagnosticSource.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):416056
                                                                                                                                                                                                                      Entropy (8bit):6.650016678777876
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:bsuTEcoc/FGNasNt2l4ru2jKw6xtQ7/tvjETqCZ03EdZbj4MKpW:QuTf/FGcsNtM4q2jStgjTy4MD
                                                                                                                                                                                                                      MD5:ADD4BC84418AEC1011BB4AD7EDF12B00
                                                                                                                                                                                                                      SHA1:A1D54AA744C20733AAAD9CA4F219B05FA8245981
                                                                                                                                                                                                                      SHA-256:9444173233A16F1C5508DDBCA2DC674DCFCFF91DAE321CBC8AC3A01527A6688B
                                                                                                                                                                                                                      SHA-512:5A0FC3CF99BE67F49870DA7E487BA880F3624A441548EE76557C355FAC369831DFAB833C8718C986F89B4A77AA7065C9CEEFC95A40794AE1818FBFBC967FA807
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........................................................0......S/....`...@......@............... ...........................................)...0..8)... ...... )..p...............................................................H............text............................... ..`.data...............................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.EventLog.Messages.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):801064
                                                                                                                                                                                                                      Entropy (8bit):1.7803430746056426
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:56irCgZC4pWjA6Kr4PFHnhWgN7aIWn1odzxOhJNlOCgX01k9z3AEu3e:5xrXNYA6VFHRN7AodzxIPaR9zlu3e
                                                                                                                                                                                                                      MD5:CE7A27E8775F2BF4491F6B6668ED375C
                                                                                                                                                                                                                      SHA1:6F1F27913AC6E8C83E82E693B3CD16D2B07174E9
                                                                                                                                                                                                                      SHA-256:AA8CB35D10093FE4BDA643ACD30EFB70AB539B7D079249414340F03AA8D641E3
                                                                                                                                                                                                                      SHA-512:0B0F582F7B614C8DE77D4628EAB775D01761972AB35397BB6A67409144D85EFCD68F06D70BD8E0B663F18285E9C36880A2365671AEF1323A16051A166BD560B7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............&)... ...@....... ..............................>.....`..................................(..O....@..l...............()...`.......'..T............................................ ............... ..H............text...,.... ...................... ..`.rsrc...l....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................H'......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......`...#Blob......................3..............................................-.....-...0.....M.................R.................h.....7...........[.....x...........D...................................).....1.....9.....I... .Q.....Y.....a.....i.....q.....y...............................#.....#.....+.....3.X...

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.EventLog.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):173856
                                                                                                                                                                                                                      Entropy (8bit):6.126378443583661
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:BfKizhWKG5GTrXhcJPJ7K3SU1884kr+EIuVLgQAW+o8URJ:5bzvG5GqU1x4kr14nXu
                                                                                                                                                                                                                      MD5:FBD961CBBF04C45472C7194E2A317B9B
                                                                                                                                                                                                                      SHA1:EC111E72AEB04ED6751BEF1A83559CB54700353B
                                                                                                                                                                                                                      SHA-256:1501AD59E05DB6CD73D82426C73D14D6DDC72403713DBE4099CD6C1A650A8A46
                                                                                                                                                                                                                      SHA-512:365C7FA8C2317AAC6FFF937D7D353C3EC6BFA56A6D3172187608AED26023E2F90DD293E770EEEB56BA766E5DFB15C20D4929089CD7A050F95E8C45128D5CF33E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j............" ..0..t............... ........... ....................................`.....................................O....................~.. )..............T............................................ ............... ..H............text....s... ...t.................. ..`.rsrc................v..............@..@.reloc...............|..............@..B.......................H.......4...p............x......,.........................................j ....n_ ....n3..*. ...._ ....`*...0...................(3..............(4....(5...........(5............(6....(7........(&....(8.....................(9.....(:.......,...(;.....(<.....(=....*.(....+.-X..........?]..........`v.......0..g...............................(4......(4.....(6......(6....(7........('...(8............(<.....(<.....(=....*.........;P.......0...........................(3.............

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.FileVersionInfo.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47384
                                                                                                                                                                                                                      Entropy (8bit):5.386361519950313
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:7ky9wsP/QEBuk3bqUghj9zk6KPivxbzY17tFAX+0foWIl9zApn:7ky9wsP/QEBuk3bqUghjVXKPipb017tc
                                                                                                                                                                                                                      MD5:CC68F9E56A287662C705302068EF4994
                                                                                                                                                                                                                      SHA1:DB038C3BC9434359367D4AA7801C605D2D61CFCF
                                                                                                                                                                                                                      SHA-256:AB5638A08516771F08F7CCA49D9C43FB90E5937CB1D6F03C307A5EBFAAAB5BD4
                                                                                                                                                                                                                      SHA-512:1609A29259407CD37627B9786897206FCC229DF4955317CD60AC71A9AF175BE866AF456B08C76401CE2083D67E837E37D5AF7B24F61ABB392D2DE44CB71CED23
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....^..........." .....`... ......................................................S3....`...@......@............... ...................................................)......H...h...p...............................................................H............text....X.......`.................. ..`.data........p.......p..............@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Process.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):338216
                                                                                                                                                                                                                      Entropy (8bit):6.547091859291254
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:PZkDfqaP75HL9eEIdanhOe9jb3b41PlmFFVZTdiX2JD:P2DfqweDdSo8D
                                                                                                                                                                                                                      MD5:634FEF75870C6C036FB4132A4E4D5B63
                                                                                                                                                                                                                      SHA1:9020E99507A27D3009B5914F0E73C91F39C1AA1E
                                                                                                                                                                                                                      SHA-256:7BBCA593ED7F5B8F8650ECD5E597190D7D55BC4B1B9D8A992C7A1F887E65DCC2
                                                                                                                                                                                                                      SHA-512:03B92B87E25344F425AB05475845B14BD8B320E8C09E5B55D94F8FD284097F5226A99720988DDCAE025B92C60847F04AD60D74C0E4E90BAD380EB0A5390251DC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........p............................................................`...@......@............... .......................................w..."......()...........%..p...............................................................H............text...+s.......................... ..`.data....S.......`..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.StackTrace.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47416
                                                                                                                                                                                                                      Entropy (8bit):5.395594314778358
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:dc6qXYiTR+DUnWzE8vk6Y4mPFWg0WhQ9zK6:d0XYiTYDUnW/c/4mAg0WmzK6
                                                                                                                                                                                                                      MD5:48E2A256B5D7FC2BB74B5046AF715072
                                                                                                                                                                                                                      SHA1:EC1854323EDB9C462A2A967C1C06759C3261CCFD
                                                                                                                                                                                                                      SHA-256:2911FCAD2139490432F3FA96FFB3A50A90E06F84C60E45DF60E6DEB4126B16B9
                                                                                                                                                                                                                      SHA-512:2D0196C98EAA40759ACCD38C5410F482CFBFC83B79CDC629E0297A3B590B1FDD3FB77299F38A1F1414DBBB71475C6CEF744BB2FD7D695E9D3177BF7817F80C68
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....Y............" .....`... ............................................................`...@......@............... ..........................................8.......8)..............p...............................................................H............text....V.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.TextWriterTraceListener.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):67896
                                                                                                                                                                                                                      Entropy (8bit):6.071077935827304
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:CFtHMfPA85VU9QbAoqxfxGSC0e+LRnugRxFjyGw3/slSdoF31s7YiNL2OSkkkUPM:2GQ4EoLmpzFYU4WCzj9
                                                                                                                                                                                                                      MD5:7AEC30A9E458C5C0025FBFA3A940B791
                                                                                                                                                                                                                      SHA1:E7AED5DDD43AC6D7EF1D474229EDC9FEDFBF1DF6
                                                                                                                                                                                                                      SHA-256:1A1CB8D5807BF6EF60EE749AF2A7D485A581FC7C03CED44E947E08699566B2AD
                                                                                                                                                                                                                      SHA-512:0D18CA8444DF6C74CCFD74344B59F6B965783592AA4E674478ADDD5ABACF0518C4C0060BB07E7471BF550A909F50E8DC6B6C779922E58EB870FBCF2E0F298757
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...B............." ......... ......................................................O.....`...@......@............... ..................................4...<(..........8)......0.......p...........................................................8...H............text............................... ..`.data...............................@....reloc..0...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Tools.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15664
                                                                                                                                                                                                                      Entropy (8bit):6.8080160066573665
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:PAmShxA/HmWQzUWUdWxNzx95jmHnhWgN7aIW5Y3YHnsTX01k9z3A1GUST:PlexWQzUWUeX6HRN7GgYMTR9zUDST
                                                                                                                                                                                                                      MD5:6D8E075425E16A234FC8F5463C11BEB0
                                                                                                                                                                                                                      SHA1:97D419FD390DFBF214FB7CFCA029A3458554F55E
                                                                                                                                                                                                                      SHA-256:383907734CD3DD76969A359423AEF226CA131AD085FEFDE4943F9B6BB9B28102
                                                                                                                                                                                                                      SHA-512:45B57EC21B8E618E83E0B0B790A6C5964054D50C3DB8D88A7B564201BD693746C555A0203C50F7DEBB6888222A0BE8307598C6451AA1FDF254E48D1CF5A1A795
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............)... ...@....... ....................................`.................................Q)..O....@..................0)...`......`(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3................................................F.h.....h.....U.................%...(.%...........%.....%.....%.....%.....%...f.%.....%.................O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...q.O...y.O.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.TraceSource.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):145712
                                                                                                                                                                                                                      Entropy (8bit):6.215648320789539
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:gHiUYBgRTeY0dpwQn60x7cftbgZ7eInKT5DFN3+M9:tBgcY6aQn60x7cftbgUHl7z9
                                                                                                                                                                                                                      MD5:E65ABBCA33F2ACA899D9F5106D6C4CE6
                                                                                                                                                                                                                      SHA1:27E9980354458C7EE097F752874C1F6D95EA66A9
                                                                                                                                                                                                                      SHA-256:CC685536EB2061DD6CAF225E353334AA9179AFAEEC105836CBE3B84B88E3BF1A
                                                                                                                                                                                                                      SHA-512:C7614E260036828F863764FE41920DCB46055928DD5274628C317C3997C95161D131A02358ADC1B7E3E25928AC24434FCFCF49DE5A6DDE5C5A3FB2B947265F95
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...-Z............" .........0......................................................J.....`...@......@............... .......................................B..........0)......|.......p...............................................................H............text...g........................... ..`.data............ ..................@....reloc..|...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Diagnostics.Tracing.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16680
                                                                                                                                                                                                                      Entropy (8bit):6.732264017448511
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:QJ+yQNWbKDWdQYA6VFHRN7XblAcGkELRPR9zjOZP:7DVFClruyQ9zKl
                                                                                                                                                                                                                      MD5:3DE56E93F4E1D8D189EEB58D935D39B6
                                                                                                                                                                                                                      SHA1:1534FDD929DF529AB29EA4DBD1E9E9D3EC51C949
                                                                                                                                                                                                                      SHA-256:07990D092B8200A012C83B871324F18AC8C42D335EDFD570A1D6A695D55E43E7
                                                                                                                                                                                                                      SHA-512:893F5F8D72AB2F0C48E33C7A38864380571D57E162A371B2B4E4ED879CFC37F220117860C7DA324EC5BF57F683B70A78D3BCDE010ED67A7AAAB553D5C9AC4C6A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#X9..........."!..0.............n-... ........@.. ...............................G....`..................................-..V....@..................()...`.......,..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P-......H........ ..L...................P ......................................../e5.)5a..7.......C....V...D1.<t..I.@.......@K..T.H...._.F|..;9.j..TIKLL.tV...=.R?....../{..X....J?....i.M.d..]....w.(.I^BSJB............v4.0.30319......`...x...#~..........#Strings............#GUID...........#Blob......................3................................ .....................O.......................c....._...........}...........6...........B...........................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.Common.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):414280
                                                                                                                                                                                                                      Entropy (8bit):5.92089676794765
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:xCBivlueKi3O567Rf25THDAbPvFsPdBXP2hpqW0/nx0q:xCaKi1HF4BfNx
                                                                                                                                                                                                                      MD5:DDD24ED9FE3B256AB955554893D832C6
                                                                                                                                                                                                                      SHA1:DDF4603FC7AB70F5E49C3CC7F7C691977EF82DD0
                                                                                                                                                                                                                      SHA-256:DF409DE7822EBE4871AADEF1F8E4A553406395C8D692704037781777BA650300
                                                                                                                                                                                                                      SHA-512:F1497BB0CB39A325923BD13314A8C8125B06978BD2D6BDB7387F4E838D27AD0E735461C8BC2584E421E9C9E8DA2AAEDC6757CAD6F6678EC5BCED41A81E8D0E34
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..$..........:C... ...`....... ....................................`..................................B..O....`..................H$...........A..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H.......8...................h...pA......................................"..(0...*2.{1...(@...*Br...p.....(....*Bre..p.....(....*Z.J./..*.J.1..*..(....*..0.............(2.....-..(.....r...p..(2...&.-...-..+..T.*F.r!..p(3...,..*.*..*..0..1.......(....,..%-.&.*..(.....o4......&...,...o5...,..*.*............... ....(....,.r...p......%...%...(6...*..(7...*.(....,.r...p......%...%...%...(6...*...(8...*.(....,!r...p......%...%...%...%...(6...*....(9...*..,&(....,..r...pr...p.(6...(:

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.Primitives.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):133424
                                                                                                                                                                                                                      Entropy (8bit):6.077871799095023
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:DN8FFc4yeP4SyuvmH00N6no5WvCIp4oRcreUiY:eFFEimpjHo4eA
                                                                                                                                                                                                                      MD5:9436B672EF85B0060E417B93E6F4CD05
                                                                                                                                                                                                                      SHA1:589C7567B4B9FBCFC69048DF509A8F401F31B49E
                                                                                                                                                                                                                      SHA-256:FA7D94825EC7ADEF2171952CE5A176B74CF97CB3C7A792A83A0CC03EB4A3B071
                                                                                                                                                                                                                      SHA-512:A322D1D8D45CF3E5DEA7288BA1C192D5792D0C409A6F0140846A302AF5C33BC4AFC0D11DEC81384B7CCFF8F9B66BFF1F1C20B6A357B3D6AA95A91B1A06BD3E50
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....|............" .........0.......................................................'....`...@......@............... .......................................-..........0)......<...H...p...............................................................H............text............................... ..`.data............ ..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Drawing.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20776
                                                                                                                                                                                                                      Entropy (8bit):6.428726027972037
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:v8iP7uC8MYITetNPBw7vaWxAtWdYA6VFHRN7DkELRPR9zjOmxk:vRMPD8FClQQ9zKl
                                                                                                                                                                                                                      MD5:72E86E777EB37C25309D9CA02FB173D2
                                                                                                                                                                                                                      SHA1:958DBEA0B0EC16624B24F05A13633642D929A3C0
                                                                                                                                                                                                                      SHA-256:4EF5CE2DAFC66D495B9D075EB30AA5DC5C32A84FBFB2903E57E514A7BB4ACC96
                                                                                                                                                                                                                      SHA-512:E15CA60C6D30BF4A661B51D7034E055224A89B108CEBA7FEF13C9246391E46DC05D35E6F46AD6FB0D115CAE7DE6371F6CCAA71695D56A84C9FB9DEFEFC8FAA36
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............b=... ...@....... ....................................`..................................=..O....@..X............(..()...`......0<..T............................................ ............... ..H............text...h.... ...................... ..`.rsrc...X....@....... ..............@..@.reloc.......`.......&..............@..B................A=......H.......P ..`....................;......................................BSJB............v4.0.30319......l...\...#~..........#Strings............#US.........#GUID...........#Blob......................3................................................s.#...C.#...~.....C...........d.`...U.`.........*.`.....`...!.`.....`.....`.....`.....`.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Dynamic.Runtime.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16680
                                                                                                                                                                                                                      Entropy (8bit):6.6920378205912305
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:8YwoCMWs1CWSYA6VFHRN7xo0yzxIPaR9zEs4M:8ToF+FCl+0yzxOW9zFh
                                                                                                                                                                                                                      MD5:61F1E563B3D2F94B3392CD568254FCE8
                                                                                                                                                                                                                      SHA1:E5F006FBC73D470081D92C2DFD47C13382D78438
                                                                                                                                                                                                                      SHA-256:9E24A4F9235027AB72D2480FA54EB291AC46E86354F240426CD8FA0FDB2BF197
                                                                                                                                                                                                                      SHA-512:4CFA20B326B7729D1483CB1AEBBD261A4B6FCC46948C91C4EC844D34038ECBF94C84AD6959AE499AD8C7F05D72C2CF1A19A1C09BC5D25B1B98A81A51B8712357
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.,..........." ..0..............,... ...@....... ..............................L.....`.................................e,..O....@..................()...`......x+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...<...#~......h...#Strings............#US.........#GUID...$.......#Blob......................3......................................&.........W.............................j.Z...9.Z.....A.....Z.....Z.....Z.....Z.....Z...w.Z.....Z.....#...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Formats.Asn1.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):244000
                                                                                                                                                                                                                      Entropy (8bit):6.507233565279823
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:IgsUsdJHsqVpPq+Pu1Nr7tXAjsEpN0Qif+H7zgiuG4krZAuZAt0/+9MyQ4UjIPKx:zTs/Hsq7Pq+67qjhp+QifaCtz9VTKp
                                                                                                                                                                                                                      MD5:CDF076CA69511E705F6F5B753098F9AF
                                                                                                                                                                                                                      SHA1:90D319A2C2206528DDC216C4B7A55F3011EBBAF8
                                                                                                                                                                                                                      SHA-256:689C8742BA53CD02774B1E7A94C9C9F15767C4BF4FCBCE2B801B916329BAB51A
                                                                                                                                                                                                                      SHA-512:1ADABCFBB98CAE2AEF81ECC4C7E3E423E02955691FF0B6FA0733EC764CD94DEA6CA9A3F2797D60760E28FE053F7797F77F3DC8B854A627836C020B569B05E13D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...,............." .....@...@......................................................h.....`...@......@............... .......................................P.......... )......h.... ..p...............................................................H............text....=.......@.................. ..`.data....*...P...0...P..............@....reloc..h...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Formats.Tar.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):272664
                                                                                                                                                                                                                      Entropy (8bit):6.5102889309866585
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:OhWQ+7dHwUJgHKaDh3ZQDQKEtS5SQTc3XPOsu1t4jnX4Sly4cv8zq/xv642ucUpX:Y5+7NIHCEJ9ly4DW/2NfpgzAmR
                                                                                                                                                                                                                      MD5:41A6F214168ABD16EB912C85ACC09E6E
                                                                                                                                                                                                                      SHA1:29441BB9FA6E8B7A3F058FD511490025C920246B
                                                                                                                                                                                                                      SHA-256:4AAA042DA8CCF199E8131429FBE28B71A8547B3CB8ED20D3B6962BA6D45770F5
                                                                                                                                                                                                                      SHA-512:B977AC9C155CEE618739A115A495EB92EF270A5B0DCA1DAAE4C78B836BE3A7D3EC06B030180AED0AD116C4DA6A98AE7185D919FE141A667AF6FEEADA0C72030C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....!............" .........p......................................................Q.....`...@......@............... ..................................t....f...........)......L....%..p...........................................................x...H............text....|.......................... ..`.data....V.......`..................@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.Calendars.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16168
                                                                                                                                                                                                                      Entropy (8bit):6.766379214654712
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:c0sRqXWDRq4oRqm0Rq7WSYA6VFHRN7XgJ8KER9zly1O:9mqKq5qmuqFFClwJ8R9z01O
                                                                                                                                                                                                                      MD5:D21C365011A6420D58FE6EBB86C5784E
                                                                                                                                                                                                                      SHA1:7EEA87877D56968A80A940C5FDD72E7416CB666D
                                                                                                                                                                                                                      SHA-256:C016FF9595BF28A1D507A8058BE786FD0EEA635569EAE5E27D8F7B0B8D2DE0F2
                                                                                                                                                                                                                      SHA-512:FE74960971E974771D86195B317A5096412868654F151CA2BB1FF4E058EC8315AA19613C2423597A6C02F88BFFA4E6C05360C1143FE09306955DA48DEF5C9477
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c............." ..0.............>+... ...@....... ..............................H.....`..................................*..O....@..................()...`.......)..T............................................ ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ......................l)......................................BSJB............v4.0.30319......l...p...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................;...x.;...3.(...[.....^.................I....._.................w.................G..................."....."....."...)."...1."...9."...A."...I."...Q."...Y."...a."...i."...q."...y.".......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.Extensions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15656
                                                                                                                                                                                                                      Entropy (8bit):6.821063767728242
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:2gKxRPWYRg7Rp0RjWCXYA6VFHRN7HoJR9zgwmL:2gKnN+putXFClA9zA
                                                                                                                                                                                                                      MD5:0DEE67964FCB385F9FA8B7C3828ABCDD
                                                                                                                                                                                                                      SHA1:831A65D098049E4260A24B7C6AF40B1F97E4D598
                                                                                                                                                                                                                      SHA-256:07C60EF102AA7DFAD2BC691A9B4B9D827C40934C4E88029E19E9694267B93465
                                                                                                                                                                                                                      SHA-512:277719C8981D6EE5F86E58FD6F1D554E9044B397A0598C4FABF7B7E6F8243A86C96114EA3DCAA80EF9942F47C60D0CB27DABF8CA081437A20A94312C4155DC52
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`............." ..0..............)... ...@....... ..............................5.....`.................................o)..O....@..................()...`......p(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................8...x.8...3.%...X.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Globalization.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16160
                                                                                                                                                                                                                      Entropy (8bit):6.706885767315989
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:9D3RLWdRMCRA0RHW7lX6HRN7U3GiNbZR9zBd6o34:9Dh0jAuSFWmFT9zz34
                                                                                                                                                                                                                      MD5:1104F40E8469C5590E7EFF79F7CA7D20
                                                                                                                                                                                                                      SHA1:D156ECD4719973DCD81AA14D1A5E25C403506E66
                                                                                                                                                                                                                      SHA-256:B5809B99963888AA99A958A22982CDDD7235C09053466F2922C3AB120CBDE456
                                                                                                                                                                                                                      SHA-512:2126C5FF977F4E1A1F1CD0D5E96C0AAB5476CE12C9EE14B3AB9AC7180C9483F681029C961E3031D82F788B2172F647FADFE99805BFAFD9A2625723B0C1E9273C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...."............" ..0.............v*... ...@....... ...............................q....`.................................!*..O....@.................. )...`......8)..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................U*......H.......P ..h....................(......................................BSJB............v4.0.30319......l...T...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................D...........o.....*...........Z.....p.....?.......................&.....X...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.Brotli.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):84280
                                                                                                                                                                                                                      Entropy (8bit):5.88073044398993
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:pR6V+A9+/PACL3jKhNro9wbnjVZE+eU6phWpGzFT:pR0Z+3Ai+hNroebns+P6PsGpT
                                                                                                                                                                                                                      MD5:75A8A0B838312CA85F7080E46E2AD772
                                                                                                                                                                                                                      SHA1:0CC9A61CD1CFC94CB62E398161E55326AA746A34
                                                                                                                                                                                                                      SHA-256:2172BDD60DDE91FD530473D4C8D7BD96EAD15CCE886B438F3B39363DE781C671
                                                                                                                                                                                                                      SHA-512:770A19C2C1CE7228835AE58198CFA9CCB52E1D9AD246D18069354F0BD94D2A1A2BCFF430F59B5320026C625EB47CF2B6F650659E1F69D8E1AB5334AC806F63D7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........0............................................... ......."....`...@......@............... ......................................|(..L.... ..8)..........@...p...............................................................H............text............................... ..`.data............ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.FileSystem.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15672
                                                                                                                                                                                                                      Entropy (8bit):6.764939082374204
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:5tfL/jFoPaWuJmW0xWxNzx95jmHnhWgN7a0WamLkoiINFPKBWX01k9z3A+olmV:PfLxKaWuJmW0aX6HRN7R1t8KER9zllV
                                                                                                                                                                                                                      MD5:C804A5B35533C6C78ACDEB7928617388
                                                                                                                                                                                                                      SHA1:C037FD5B022707FEA213F703C22682CB4A2C95FB
                                                                                                                                                                                                                      SHA-256:1481A72E898D6A995BB99EFFFF60AC5CF4D49463A24DC23EA6F73B5E69E3251F
                                                                                                                                                                                                                      SHA-512:EC938C04E946C36CB378A387D8E8EB679E16A43C4E0E75C6DA8A428E426B0EACBA7170758EB1199A45B18A1239EA61806ACA85FBAFF698D6FAC77B3FC8268F07
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H.t..........." ..0..............)... ...@....... ..............................X.....`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~..,.......#Strings............#US.........#GUID...........#Blob......................3..................................................U.....U...Q.B...u.....|.....7.*.....*...g.....}.*...L.*.....*.....*.....*...3.*...e.*.................<.....<.....<...).<...1.<...9.<...A.<...I.<...Q.<...Y.<...a.<...i.<...q.<...y.<.......C.....L.....k...#.t...+.....+.....3.....;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.ZipFile.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):55592
                                                                                                                                                                                                                      Entropy (8bit):5.794508588818863
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:WrHCYlbejwSCGs6ZQyvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvB:WrH70jSVyvvvvvvvvvvvvvvvvvvvvvvZ
                                                                                                                                                                                                                      MD5:78C22A26EF9F5B8411C0E3CF5AD7441D
                                                                                                                                                                                                                      SHA1:0B6893BF383C5EE0A72FF0037D8D6A49D986718E
                                                                                                                                                                                                                      SHA-256:7AB974DC21BA2583908C76AB1D341668B737C31D77A450C964D54579CC23DA5F
                                                                                                                                                                                                                      SHA-512:C0B6A08BF8A91A27CC9D6C2B3AA6555DAF6F5F5F959A8D188B0054AD25CFA1C171954C45FA68CB09579B3306D4AAC6D3254FA477DCF036609AAEF2DE1CDB2839
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....l..........." ......... ......................................................E.....`...@......@............... .......................................!..........()..............p...............................................................H............text...8y.......................... ..`.data...A...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Compression.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):264472
                                                                                                                                                                                                                      Entropy (8bit):6.548591134679868
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:pAindQCtmkal13Vn7vUoD2+bkf/B3q1GqqcJIbaIksoRirnnMpDTp/RbC++xMQPp:eidUT3tn3bwNKvco4roTpcaQPEamBHY3
                                                                                                                                                                                                                      MD5:D9F34984A15B7E1651950F7FC4212AD1
                                                                                                                                                                                                                      SHA1:E31F71380FCC9BA64847F0B60D8DB85671F83F85
                                                                                                                                                                                                                      SHA-256:E595732C065539AB183FBD27CF5E42C63D11079F7ACBEAE455421B5E2E73B669
                                                                                                                                                                                                                      SHA-512:FCB010FBCEAE2197AD927265DD5FA5A8CDE9E0859C127144A0DEC5E33592CCAE6CDD840F1CE15BE216EBDB6755374AD8D14162303219A4C2D5795AC8F267DC65
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........P............................................................`...@......@............... ......................................df...........)...........%..p...............................................................H............text....|.......................... ..`.data....;.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.AccessControl.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):104728
                                                                                                                                                                                                                      Entropy (8bit):6.04299609988956
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:xxkAAMNiDSjaabcPihEzfQHlDE7H+CAvpYx/K8yf9DSWXpzF:xxL3YuiA2dbi/f9DSypx
                                                                                                                                                                                                                      MD5:7B8853FA50238165F45E3C6B33D6351C
                                                                                                                                                                                                                      SHA1:5168A2CB788E45828329959A8BEB2ECBFB49112F
                                                                                                                                                                                                                      SHA-256:3053AB194B17A8175155651B35D0FCB62F3D8F0C3078CBDC2627C4C7669042F3
                                                                                                                                                                                                                      SHA-512:5A980D92DC624D433AA929B6643D05710058B71CE0FC85814C80421578E6BDF94A0900221B59DC8458DED615A655C809A5907D3960F0BA98AC2392A3B424B23B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...U............" .....0...0...............................................p............`...@......@............... ......................................P-.......p...)...`..........p...............................................................H............text.... .......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.DriveInfo.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):55608
                                                                                                                                                                                                                      Entropy (8bit):5.425657754099587
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:FhuF4f/D8T5a9OkVAJM1/1PC0lr1sklWIk8R9zo:FhuKD8NawkV51/1a0J1sklW8zo
                                                                                                                                                                                                                      MD5:D65CCF17AE03862430A708738F23980E
                                                                                                                                                                                                                      SHA1:2946EC1A63DDE5130CA32274D34C02A70E0F3CA4
                                                                                                                                                                                                                      SHA-256:D7BF8354D118851E2CF0934CE8AFF5DE79C12362FAB51107E8C42BDC20C2B39C
                                                                                                                                                                                                                      SHA-512:DAD79CB469E724DAEB51B72611BEFEA74FE24029A5135C729B87DF2C81781DEB2ACAD08EDB0FA295ABA50C8C5A1AC41802528C5ADE8F3629538FE35B2A9347FA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....7............" ......... .......................................................X....`...@......@............... ..................................................8)..........`...p...............................................................H............text....p.......................... ..`.data...E...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.Primitives.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15624
                                                                                                                                                                                                                      Entropy (8bit):6.821694638098971
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:z1qGW/dqWMYA6VFHRN7eVXC4deR9zVj7qgTyS:z1qtgFCleVXC4dC9zVjBTN
                                                                                                                                                                                                                      MD5:67EBDED0179552C303E213781BA5DB4E
                                                                                                                                                                                                                      SHA1:BAC421FF4E7F2CE0CA3073294E19B6C19B587F74
                                                                                                                                                                                                                      SHA-256:7C2AEF2BD75EB88874D980358D91C66DE8919DC887FA94CF1EDD770C3A8E5F74
                                                                                                                                                                                                                      SHA-512:5A8EA7ABA4E118036898625CA47D6842EF0E5FB19DF1B847BDB5DFF73ED52ADBEC7CABB26D54CD8D44605178E355143814FAE6697ACA27FC292866A6302BBE8E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............)... ...@....... ...............................;....`.................................k)..O....@...................)...`......l(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...........#Blob......................3................................................!.2.....2..._.....R...........E...........u...........Z.......................A.....s...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.Watcher.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):88368
                                                                                                                                                                                                                      Entropy (8bit):5.877540050029605
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:BRo/2qh+M5COJu0ZOqpE5fer4GRv33333333333333333333333333333333333W:BOOGVVu0Z5pw2r4G933333333333333m
                                                                                                                                                                                                                      MD5:0713043930CD3C83563EC283D10742DC
                                                                                                                                                                                                                      SHA1:88CCAFEB1BE351C16A3BBFDBC6E160031E3A9B77
                                                                                                                                                                                                                      SHA-256:3B6BDFB5BAD16C2D2126EABB74A9859CA414FC75E6EB520E93D3A43ADBED7640
                                                                                                                                                                                                                      SHA-512:BBAAB646F9BE8AE26E0AD00DFDCEC00F8F00968A594BF4C030D0272D2E8F6147413CB939FE4C1563A39AE2566532E429ED0D1362189EBF9205ADC12AADF26A32
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....P............" .........0...............................................0......t4....`...@......@............... ......................................p).......0..0)... ......`...p...............................................................H............text............................... ..`.data............ ..................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.FileSystem.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16160
                                                                                                                                                                                                                      Entropy (8bit):6.72885945570015
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:iW4RH8FxAvoeTbWyp2WUoWxNzx95jmHnhWgN7agWnY00pyEuX01k9z3Aly+KIQx8:34RH6FyWyp2WUHX6HRN7CEpcR9z0BSte
                                                                                                                                                                                                                      MD5:5591B6C98BCFC539D04FB4116CD1D18B
                                                                                                                                                                                                                      SHA1:330F3ED4D9B6546364FD04E78DB1EAC9CDAE050D
                                                                                                                                                                                                                      SHA-256:4A61B376B6E77FC3FB20ED4ACDA6DBDCBE22D9BC30BF4E06925C003ECA391269
                                                                                                                                                                                                                      SHA-512:F47FD870FA993ABFFB90C575AD94EFE1FA347944C0435102065146477B2BF1E60EF9493647538949EB19173F4864188F4D407D4B997A5FCB33E653C5A184E410
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....i..........." ..0..............+... ...@....... ....................................`..................................*..O....@.................. )...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................L)......................................BSJB............v4.0.30319......l.......#~......p...#Strings....h.......#US.l.......#GUID...|.......#Blob......................3....................................../.........h...................................J.......a...............-.............................../...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.IsolatedStorage.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):92448
                                                                                                                                                                                                                      Entropy (8bit):5.820503518807393
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:JA3qoT3QvNN08kx2/YE3SjZwKPU7+GGlux8a5htWgEp4z+:JYq23QvNN08kxM3SjZwKPs+GGluxptXy
                                                                                                                                                                                                                      MD5:7314D93D8AEA712CC1A2D9B72FBFEB2E
                                                                                                                                                                                                                      SHA1:F9F213CFF762F5006742DF60872EA9B9172E7322
                                                                                                                                                                                                                      SHA-256:BC9EFF07BA9B2C4F4DD82CACE1409A594CAAA263EA481FF7D095EE32170331D3
                                                                                                                                                                                                                      SHA-512:5919A654FDFF9452CE14B0D9951C8B33DA0BE8693288AD6364CA4EC1D116B92884DEF110A5B807F02CBE1CFF6F00091107C8C17AA385F1B4BA582344D04C440B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...3.N..........." .........0...............................................@............`...@......@............... .......................................*.......@.. )...0..........p...............................................................H............text...m........................... ..`.data............ ..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.MemoryMappedFiles.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):84264
                                                                                                                                                                                                                      Entropy (8bit):5.806191116216466
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:ROxV+zNttvCu2mNikiq7Zb8G/ve/caa9WkA6/iLzUiz:ROx0Ntt3Pisb8Ge/ltkAyQUi
                                                                                                                                                                                                                      MD5:F77A293786087936DB47A5F85D028681
                                                                                                                                                                                                                      SHA1:1F484F14468C4E28C61E04D20CFB77949F7F1E3D
                                                                                                                                                                                                                      SHA-256:C4CE83776FAF64605E92041546DD886D7718AABDB79585F372822F4943F10CF3
                                                                                                                                                                                                                      SHA-512:6E937A2C3A80E8B9058DB6C2389085765FD7A449753E4B3ED3DD9F2EA4ABF44DE45BD54E1F9F06AF2A1A8B3C876730898756D621A9DCA310C6430D47171B8557
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....f............" .........0............................................... ......j.....`...@......@............... .......................................%..|.... ..()......<.......p...............................................................H............text... ........................... ..`.data...`........ ..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Pipes.AccessControl.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16656
                                                                                                                                                                                                                      Entropy (8bit):6.745569370541998
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:2OeIbSlW+WPWuYA6VFHRN7DEpcR9z0B7QWd:2OIyVFClDEpw9zaEWd
                                                                                                                                                                                                                      MD5:C9E5B4FB06655ACDF85805F9BFAABAA8
                                                                                                                                                                                                                      SHA1:0434768A5419391C748787E55E7E43CCA69DECBE
                                                                                                                                                                                                                      SHA-256:357478614E285906C5478249E1FFBEBF08D5B8FD508FEA854DB6632540FC2E47
                                                                                                                                                                                                                      SHA-512:3DC99ECA3BD14B422C633FA12E081044BAA1756DEAD3D633BA338E7435B5630303ED53D39A681A018047EC4CDB97C8F028EFB91EC16E37F17F28F228F2E68A28
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3............"!..0..............,... ........@.. ..............................b.....`.................................g,..T....@...................)...`......`+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........"..x...........P ......h"...........................................<linker>.. <assembly fullname="System.IO.Pipes.AccessControl" feature="System.Resources.UseSystemResourceKeys" featurevalue="true">.. System.Resources.UseSystemResourceKeys removes resource strings and instead uses the resource key as the exception message -->.. <resource name="FxResources.System.IO.Pipes.AccessControl.SR.resources" action="remove" />.. <type fullname="System.SR">..

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.Pipes.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):166176
                                                                                                                                                                                                                      Entropy (8bit):6.346058751718644
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:VN2U8z8G2Xr0DUXHw8pLZx1w82V+qyp8E9o8vFM:TJ8z+4D98pLiE9o8vi
                                                                                                                                                                                                                      MD5:E2998F0D8693BB46B40A210FA04F9BEE
                                                                                                                                                                                                                      SHA1:645C748C1F9D738598BD8C272FE799A02B0D3D60
                                                                                                                                                                                                                      SHA-256:1972A42C7B9045D102AD48081CD93DC4D96DAE9FF016F75687D4887D03D2920E
                                                                                                                                                                                                                      SHA-512:B1B3F451E91DB813ED013FA4547E83F905A35D2A9E2EF557262EA234E1D9F0F2C4E5761F1E3C78A558C8DFB970D9FE47D987179927331915A8BC680B15E8D1C6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........@...............................................`......;.....`...@......@............... ..................................T...|@..X....`.. )...P......H...p...........................................................X...H............text............................... ..`.data...6/... ...0... ..............@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.UnmanagedMemoryStream.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15632
                                                                                                                                                                                                                      Entropy (8bit):6.829247129940496
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:PWvewMxAqj5WjB+WvpWjA6Kr4PFHnhWgN7agWzFY00pyEuX01k9z3Aly+aI4O:umwaJWjB+WvYA6VFHRN7wEpcR9z0BSO
                                                                                                                                                                                                                      MD5:971EE5253BB544A7B2B3A1077C2C6008
                                                                                                                                                                                                                      SHA1:FCE7DB0F757434DF870CC2113DDD67B893C56CE7
                                                                                                                                                                                                                      SHA-256:5B614D49BBA36FF77CAA7A760A1E2C1642435A1FA949BF3BD25015BFFF91473C
                                                                                                                                                                                                                      SHA-512:EBB00CFB6916B79A49FD1B6E0F9C7D77373B747D452466D09CD6689297287C8FE7AFE45E5C341B46998AE7D716D62EA88CE3B0EE26D87263C83DA4735FBE344F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G............." ..0..............)... ...@....... ..............................n.....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...(.......#Blob......................3................................................$...........=.n.........h.....#.>.....>...x.7.................>...].>.....>.....>.....>...D.>...Q.>.................h.....h.....h...).h...1.h...9.h...A.h...Q.h. .Y.h...a.h...i.h...q.h...y.h.....h.....h.......................#.....+.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.IO.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16144
                                                                                                                                                                                                                      Entropy (8bit):6.68496802568185
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:7283vFlW2ybWaYA6VFHRN7Uxl/7R9zj2IU9S3N:K6F+pFClelF9z6R9C
                                                                                                                                                                                                                      MD5:A341F35D1B875B0C07079117BA94DD5B
                                                                                                                                                                                                                      SHA1:1302496E225CC36B8DDFC838CA39061936EFCE0F
                                                                                                                                                                                                                      SHA-256:FFC7D4206C7B0C9E92C69A00120CE0859440709E8E5E5EB476572985EA040023
                                                                                                                                                                                                                      SHA-512:89A55CCFC5E4ED80B44E92941CBAD65BDD90E48FC0874DC712F1549BAF557EC85A7BC960B18D304DB311D996918653A771A78808B5D5AB150B4B2DFD33A4A757
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../............" ..0..............*... ...@....... ....................................`.................................7*..O....@..(................)...`......d)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...(....@......................@..@.reloc.......`......................@..B................k*......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~...... ...#Strings............#US.........#GUID... ...t...#Blob......................3............................................................=...........h.....#...........S.....i.....8.............................Q...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Expressions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3676456
                                                                                                                                                                                                                      Entropy (8bit):6.685377818335155
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:oQngtOBPgD5EUsp4Zq2daW7L2+K06Fs4sZ39SuDsFIW/pj:3GOB4Ombp8uDsFIW/pj
                                                                                                                                                                                                                      MD5:B6A58A0AC1AF936FC5F14F8F2D44D1E0
                                                                                                                                                                                                                      SHA1:0738563464D22751D4ADDFD268A57181CFBE562D
                                                                                                                                                                                                                      SHA-256:F961C3396AADC6AD4475F12EBEA85743D01B015423FB216DAF3DA7A9B7F3ACBB
                                                                                                                                                                                                                      SHA-512:41E3E393866711A811AD1E8F0E184905D4F790BCAC061F41BC42679ADE647A77B2861323FB2A3D7C78660C24EB45680FC72AB3953783C1137D428B8600F80FAA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....<k..........." .....P1...................................................7......8...`...@......@............... ..........................................`.....7.()....7.,f...b..p...............................................................H............text...dK1......P1................. ..`.data........`1.. ...`1.............@....reloc..,f....7..p....7.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Parallel.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):805128
                                                                                                                                                                                                                      Entropy (8bit):6.742092274429004
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:Hb8dNdBKT9DzuU4/sKE5QmSfc+1yQgdYWrwG00eK0CszcyYoq:Hb8jKT9PuO5QmaryQgdYef0ZK03Hq
                                                                                                                                                                                                                      MD5:1E9DB6EC85E31D87782D10CB2A5A6132
                                                                                                                                                                                                                      SHA1:FF0B9CA05BAAA3028874E6CEC5FAF4188F7B28BE
                                                                                                                                                                                                                      SHA-256:7004CF19931E4688247A28AAFCD46992E1184C782EA9F6BE3C4491D327355C31
                                                                                                                                                                                                                      SHA-512:9AD6BE73F1C89A4901AF2011B051D8874903466733196C211AC114361090605BB647034CBB70CA828C5F2637F19E2656A1771516F2564B111B8F4E46DD273058
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......................................................... .......)....`...@......@............... ......................................x....d... ...)......T.......p...............................................................H............text............................... ..`.data....U.......`..................@....reloc..T........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.Queryable.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):174376
                                                                                                                                                                                                                      Entropy (8bit):6.299213446161007
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:KuskFLsWejwPAJ+DF8mPOfww59JK6tLUaS0rm:FswxQKAkOmPOfww59bUa5r
                                                                                                                                                                                                                      MD5:04C98DD367C3C081624578459663FE4D
                                                                                                                                                                                                                      SHA1:56976D550298BE9F9DE1BCB30D73D588426941F8
                                                                                                                                                                                                                      SHA-256:7EFDA8EA3ADC84870CA399F1973C1B48963E034158E5C8D184D97E86C8733BC3
                                                                                                                                                                                                                      SHA-512:B40AA4DD1F6D4A5723C79C3AD1C206C00671B1E9A243BA911BDCDCBDB7573C28D702BCC06E80A6882BBCBBD19A0BAF6B89047067EC11E1A4DEFD9B8B289F2E4B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....*..........." .........p......................................................Bj....`...@......@............... .......................................+..........()...p..........p...............................................................H............text............................... ..`.data....V.......`..................@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Linq.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):543016
                                                                                                                                                                                                                      Entropy (8bit):6.741951464470459
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:cNYb37ypY1hh8r4bdhR+JU1/0kxryufbFHJMyS5IH/YzIhMxjCkoTcH3:MYb3GS1hh8rwdh8UxeEvAE+mI3
                                                                                                                                                                                                                      MD5:6ED1EA9A8EA41D939DA714D97F063993
                                                                                                                                                                                                                      SHA1:833F7561D58C8336E4E937DE1A2320DB45BE1432
                                                                                                                                                                                                                      SHA-256:A2FB9DD804188E44948A53C4165815F5CCCDE4CF5FED19988377AF84E86EFCC8
                                                                                                                                                                                                                      SHA-512:0A0A197AFD26FC51BB32C6A1799D31FFD1F29E9A580C67AA43141F1E7252065791C9728A0595D0B330EF232D34E082DFB544E08CA72210CB8A290FFE4340E8D1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....(............" .....@................................................... ............`...@......@............... ..................................4........J... ..()......H.......p...........................................................8...H............text....1.......@.................. ..`.data........P.......P..............@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Management.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):312600
                                                                                                                                                                                                                      Entropy (8bit):5.971150967147675
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:lyj+butGieusJEYE1SF7c39iwjwmppwbHV/ZqPJkoj80uSxptTy+D:l4+butGieusJE31Shd/kIaxpXD
                                                                                                                                                                                                                      MD5:72C62B8FED1879C314BA757CB289483D
                                                                                                                                                                                                                      SHA1:B18D623D1745B6F09CE0DC85F3ACF1FF69F61CE9
                                                                                                                                                                                                                      SHA-256:DCA8B03636D4EF26A1727AF2B8063998491B72D1DCA547BEDAC3D65EF115D677
                                                                                                                                                                                                                      SHA-512:F5B43271C08E4696C90FE507FA0931638A081AB1C7CE1E660036D15C1B406FC7CAE265B0A05C47D29DFA25B7F1DA809F2E42AD8A8BBAD160A1F97EED176D3454
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;............." ..0................. ........... ....................................`.................................o...O........................)..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........!..\`...............+...........................................0..........r...p..(+...-..*.*.~u...*....0..........(....,..*..(.....o,......&...*..............'....0...........(.......(-...-..,..*.*.(....,.rO..p......%...%...(....*..(/...*.(....,.rO..p......%...%...%...(....*...(0...*.(....,!rO..p......%...%...%...%...(....*....(1...*..,&(....,..rO..prO..p.(....(2...*..(3...*.*.(....,.rO..p......%...%...(....*...(4...*.(....,.rO..p......%...%...%...(....*....(5...*.(

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Memory.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):157992
                                                                                                                                                                                                                      Entropy (8bit):6.472585497766165
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:xGyySN/j+0sbFbqX63vwZuIBo7M5F8966oYddCBuqmwehtTihdMU:eSCb6oIBo7qDGdCBuFhX
                                                                                                                                                                                                                      MD5:1E158B6E320633CA794113EEF60BD35B
                                                                                                                                                                                                                      SHA1:BD6BC89189E4546ABD4B24C3196C60CE2C2A473E
                                                                                                                                                                                                                      SHA-256:536310FAD46E9710E2378E6AB65715489C267B13A08AD96139978D97974BD282
                                                                                                                                                                                                                      SHA-512:B3C89D7F57F69D3E7B0EEFEC4E4F5E6FC56D3023032F8631E126A48B8068A30B2394FF74E9AD5FAB4D8719E42A22D8003B27B60F1A5E009986216AC4D9961356
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....a..........." .........@...............................................@......!.....`...@......@............... ..................................D....6.......@..()...0..........p...........................................................H...H............text............................... ..`.data....".......0..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Http.Json.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):129328
                                                                                                                                                                                                                      Entropy (8bit):6.199319743810756
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:AeiSzjfIwHAOaaRHg/OnTRRY4beHqSZkXs3pMGeh2C:NfIaJxRHgOnN4Zkcydf
                                                                                                                                                                                                                      MD5:4248D1CB0BB05ECFCF5D97BF2C556E40
                                                                                                                                                                                                                      SHA1:BCF119421A620917E41CC1C668849FEA3225DC21
                                                                                                                                                                                                                      SHA-256:AEDF0405E5333C565A1544FF91E2B1DEEBCE8FF75345F90D9A8A3126ACEF669F
                                                                                                                                                                                                                      SHA-512:16C94D5D6C7559C8065159524F867862C112731470F8919DC755267B9CD1E94AF1162A25771DBD2371107132B9AD5F17CA504F86AB1F54AB47B31D2911F5B5C4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...,............." .....p...P.......................................................O....`...@......@............... .......................................4..<.......0)......l...0...p...............................................................H............text...Qe.......p.................. ..`.data....8.......@..................@....reloc..l...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Http.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1730856
                                                                                                                                                                                                                      Entropy (8bit):6.690299064412809
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:PycBozKb96UEnyPwWwnxuNnQZJjD2E1SMR/S5IP616zF1IMx1s:hBozy4UQWwwNnQ//lSMRKa0
                                                                                                                                                                                                                      MD5:5FEF63054D9A2786E932F48D0EB8C7DC
                                                                                                                                                                                                                      SHA1:36718C8A24757E6DA65DDD30AFA78691EFE014BF
                                                                                                                                                                                                                      SHA-256:D88A1E49EC7FE3EFEB41FC61E453CD22468FB729DCF451BF3B1E0C53179077D3
                                                                                                                                                                                                                      SHA-512:475A3E2DF1AE4987CA2E696D0E28E5888379700D86D496268DE72163B46D67D1CA3E336E23B88F7F0BCEE3D4714CE4695E82E6F55010C435E06B1E65194A7005
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....2............" ......... ...............................................@......,.....`...@......@............... ..................................T....J......@..()... ......`o..p...........................................................X...H............text............................... ..`.data........ ....... ..............@....reloc....... ... ... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.HttpListener.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):551216
                                                                                                                                                                                                                      Entropy (8bit):6.570850705797673
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:umIF66bAc4F/B7VRZ3KY1B0hZJ6c7fkDNRd2B/hy13n5EWZgsgG4qikXOG4drZ9:TAAc4F/BJ1uZJZxhS3iWZgZQOzr/
                                                                                                                                                                                                                      MD5:F30FBE5D270D3C1D1BC8103D79E80F0F
                                                                                                                                                                                                                      SHA1:CE5C4B14BEC108F97310390A18FD989A1C1E7D29
                                                                                                                                                                                                                      SHA-256:41F81F076D63745AEC9008452DFE5494390507C914D7ED0250571F8AB3721D12
                                                                                                                                                                                                                      SHA-512:2913F9871A991FE43077AB2EF577E2EA03FD0A1DD2135ED72AF0532CD0ED0879858E8B55CCB0A8D876364A10DA45287ADEED5E80E9F2AD27D8E1E55AE8900056
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........................................................@.......f....`...@......@............... ......................................\...0*...@..0)...0.......,..p...............................................................H............text....s.......................... ..`.data..............................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Mail.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):432440
                                                                                                                                                                                                                      Entropy (8bit):6.566239028494259
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:wrcqVeM9GnQkW0a+Sdjoe9kDu0GeFowMR5JJLmqRSxnJ8kkG1BL0q3+lsK:Ue40aFP9H0NMBSxvL0AEh
                                                                                                                                                                                                                      MD5:2C96EE7E735BA59488B6A339EDC04420
                                                                                                                                                                                                                      SHA1:29CA05738467C74F9D5E7078043CBC1118E1C3EB
                                                                                                                                                                                                                      SHA-256:E3EFE9F1852535908C7EC2B1B473AA5917D0BED5D0BD2C7D5DC77B603ADF8279
                                                                                                                                                                                                                      SHA-512:94B6A5D24EC7CC15991FC7C3C86A6A51D04E7112AB595163F4DA6CD2FC2D6E38540157C1CBE703D72764EF73C4ABD4E707D4D0FF3E1268FF0AB04AD842A1D680
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....L............" .........................................................p......t.....`...@......@............... ..................................T........)...p..8)...`.......*..p...........................................................X...H............text............................... ..`.data...mr..........................@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.NameResolution.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):112904
                                                                                                                                                                                                                      Entropy (8bit):6.14105129338038
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:kKN4B8OosZjsM/flInEhNRKdRxRZDFauWFsXwYUivYtzf/:kt8O7GMF+E/RgjvDWFsAFCgD
                                                                                                                                                                                                                      MD5:830154A3A12519882938F7367080CB2A
                                                                                                                                                                                                                      SHA1:B7464994D56D3F8E615EE56A5A6228C52E6E374E
                                                                                                                                                                                                                      SHA-256:67D6CE9D3592927FDF25BA715F0E6AAA06A11EB41C13615234CA508813CD7D0B
                                                                                                                                                                                                                      SHA-512:FD0B691E44E75A85211E0D58D199A2631CE74656FBEC186F1AE3841C93694F395E4C1B64EE14BBF703056EF0F41B111E334E32CA55456EFA11D6FF890238F042
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@...@.......................................................q....`...@......@............... ......................................h1...........)..............p...............................................................H............text....7.......@.................. ..`.data...B$...P...0...P..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.NetworkInformation.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                      Entropy (8bit):6.293376030261192
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:2RppMzz2p/xRtqbqW/gU/ULVXyVMn9Qk2e0tnz:YIzypRQb5sd2ll
                                                                                                                                                                                                                      MD5:0D567DB735EE434D9D42C330D9FE4CE9
                                                                                                                                                                                                                      SHA1:AFD1A4C53D18285523221E2E0BC2E757D2B64925
                                                                                                                                                                                                                      SHA-256:D3C0790E53540E6715DB61B512EFA719FD8E195781EE85913FB8832677203BAB
                                                                                                                                                                                                                      SHA-512:4AA7F32051774ABED9FF97FC16178773BF87E853A0BD554E27CFA5D393570A1A29C47F0C9FD2262FE7551335FC2687AF416CE4DC78C484D594B743E41244D523
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...../..........." .........@...............................................@............`...@......@............... .......................................9..8....@...)...0......0...p...............................................................H............text............................... ..`.data...T&.......0..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Ping.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):96552
                                                                                                                                                                                                                      Entropy (8bit):6.101125548127868
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:47fyYP9J1fwwSctO9hswiUgYwlFbmj/gJR7SfNNJkZphyNVMifz:4hP9J1fZE9hsw4YcNm0JR7SlfuphyNVd
                                                                                                                                                                                                                      MD5:979452EEF74DA1EF02DDED73AD00E0F2
                                                                                                                                                                                                                      SHA1:2B213C43E085910EE1584D09FEC913837E00FE15
                                                                                                                                                                                                                      SHA-256:13428704A113F49B0D6A5324BDCDC47F8D725BD139600F0E8DB5A5DC37884680
                                                                                                                                                                                                                      SHA-512:4FA9F5FF0BAE7754A8F8C9044153157ABFCC687A1768C63830E2633BDAEDB0A86923E55CE36748AE43EC3B8E79E78C6E9E710290208442501EE248241244071B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....d............" .........0...............................................P.......D....`...@......@............... ..................................T....,.......P..()...@..(.......p...........................................................X...H............text............................... ..`.data...,.... ... ... ..............@....reloc..(....@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Primitives.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):231736
                                                                                                                                                                                                                      Entropy (8bit):6.473177149043323
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:AnDBNI7bgAZrgyBHSchuzeQ4Ak64myD6uJQ+Y6MFot5PQloV2O1wcdu:S7I7bgAZrB0cgeQe60RJNtN5V2YDQ
                                                                                                                                                                                                                      MD5:D8CEDA452779306A13FF2F310CBEFE60
                                                                                                                                                                                                                      SHA1:4447F82C5A1207B244A0AAEBCE3AB3530CD2BD81
                                                                                                                                                                                                                      SHA-256:93FA4AD1590D704DB6ECAAFBE2E388A5318212CB0A4CE435324EEE0268A11C56
                                                                                                                                                                                                                      SHA-512:7E736F6E0B57F5D527DEDB0B91291DD3EB1FB0324E5E349C4206A025FE3CEAF5B3E1F21F44653F9C6FCAA41BFD8742B4D37BC5B1BEBCD84378D2A52AE9A64F22
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...2e............" .........P...............................................`............`...@......@............... .......................................U.......`..8)...P....... ..p...............................................................H............text............................... ..`.data....7.......@..................@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Quic.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):280864
                                                                                                                                                                                                                      Entropy (8bit):6.508318800576785
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:NpnhH0ESsuurvHsPNTiiJe7ryKSIqqTxM8uGljRc:LhH0ESsuMHsPje7rAsMwlN
                                                                                                                                                                                                                      MD5:1E9B9E443C93C2C10B5ED5A18A6F373A
                                                                                                                                                                                                                      SHA1:8F3D2DEA48ED2B29178BCDC998ADD696D101D5FF
                                                                                                                                                                                                                      SHA-256:24674D754F8DF968CD688EDB57D76CC0D19CA8556FB233B228DC43265F23AC65
                                                                                                                                                                                                                      SHA-512:42BF6AD8C6707F3924AF164F3ECA305678E39F5343C96EC1415D37D1EDADFC0CAC2A7BA619D16B721999909EA773221748905E0BC7A35C9DC641C06A8662DD3A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...4.Y..........." .........p............................................... .......)....`...@......@............... ..................................T....b....... .. )..........x!..p...........................................................X...H............text............................... ..`.data....U.......`..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Requests.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):346424
                                                                                                                                                                                                                      Entropy (8bit):6.517886198613069
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:eDpG2K8Efzpt5rc1EGrt5e15/ftXIDndDpek+fs3CU1S5m:upGp8Efn6GG7enfsyHgCU1v
                                                                                                                                                                                                                      MD5:15453335CBB5A8C13B6C3579CB27EF44
                                                                                                                                                                                                                      SHA1:4290DC1F4674F46AF1BFCFA2CAEFDAF6E29D5236
                                                                                                                                                                                                                      SHA-256:2AF7C808F26966E6F607C5E64F8D0117301E0EB3BD830C0731C7B1C2811FEC5D
                                                                                                                                                                                                                      SHA-512:07C36FF474FB60609AD531CCA73B3ED3B6B7EE2F764DEE61F17108D9399EB07627D31585108BE25FC7161CF018893A0FD91BA70E0D1640D48F842376C00CB6B9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......................................................... ............`...@......@............... ..................................t...p....#... ..8)......H...P)..p...........................................................x...H............text...j........................... ..`.data...=n.......p..................@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Security.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):669992
                                                                                                                                                                                                                      Entropy (8bit):6.743467370555766
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:eXujiG31ToS7RD8B8XmDeXPRkUhIP1dD/m1p6X90QdsAYcNCyJ:eXRGneOkDDI6NVS7cT
                                                                                                                                                                                                                      MD5:346732F74DAD8A8D557FB494D5636E63
                                                                                                                                                                                                                      SHA1:3943BDF4BFB6E4F1A79AB5027BA7E2CC3A88FDB4
                                                                                                                                                                                                                      SHA-256:F8D695445499BCC4CA8A41436DF9167B3A730EE0FECF9DC2A40E998C769EB1B8
                                                                                                                                                                                                                      SHA-512:65E678314C4566823A491CCE1E8EF674E5B78CA1C11C67F86C4EC92FF609D7F66FE9B3433123387ED644B044B7B670BFFC490769C87A9A8D11E868999FA0B18E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ..... ..........................................................lJ....`...@......@............... ..................................t...h....7......()..........8+..p...........................................................x...H............text............ .................. ..`.data...h....0.......0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.ServicePoint.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47384
                                                                                                                                                                                                                      Entropy (8bit):5.320340299131119
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:djM1jzxKx7KzNzY7okroiIpPMOWOYe9zHz:djM1jzsRKB6ovi6WdazT
                                                                                                                                                                                                                      MD5:92C47820207565CCDF190FBA0C055297
                                                                                                                                                                                                                      SHA1:4695E165E2C162393FF43BC86731C50E8AB2C380
                                                                                                                                                                                                                      SHA-256:613B5DC25C72833A5A75BA80C59CFB4CF5522C7A6AD39D2D27A005CEEA72C857
                                                                                                                                                                                                                      SHA-512:B0204A39FC18FD854517E3C90A7459151602F8B6142F622FF168E12C49EBAA9B9BB0E27A87CE708947FF17D526E12A41EC7958AB7A9DEFDC4FC0AA8C3D2596EA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .....`... ......................................................\.....`...@......@............... ...................................................)..........X...p...............................................................H............text...HU.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.Sockets.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):547096
                                                                                                                                                                                                                      Entropy (8bit):6.628823968958786
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:ZZ1V7iKdtxaGNUL2Sdr5Nzv0SOFjdP0E/0NYv:ZZ19ietxaGDSzxOt6EsI
                                                                                                                                                                                                                      MD5:E4D73542713F8FB1DD0E7E5E142443CA
                                                                                                                                                                                                                      SHA1:2D4C8B35C2EFA76C1FE95D0107B40781C51E4EC5
                                                                                                                                                                                                                      SHA-256:928CB763462984DF68C19B44B41CF27D002F8B5CB4EF8BA8EB8A6F0602F6B2C8
                                                                                                                                                                                                                      SHA-512:204EC8A2D43C30F2673C4FC7E6543EA0CE71DDB56C0956B0B1B2D8B53A34745E12A09206D6D1B8A8CB019A3D69324DA068687DACCE87255F98421F3723D399FE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........................................................0...........`...@......@............... ..................................t.......|8...0...)... .......4..p...........................................................x...H............text...8........................... ..`.data...az..........................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebClient.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):170264
                                                                                                                                                                                                                      Entropy (8bit):6.42995613243351
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:Pl6InCEQ8/qNIJ55jOpC2poY3ykJ9rijMFpR/8NM:QXEv/8IJOvpFFH8a
                                                                                                                                                                                                                      MD5:F87B4ABDB9661C494CBFC3A1A6F1939F
                                                                                                                                                                                                                      SHA1:5948DD100146C6E2966E5E57A967B990EB6D6D48
                                                                                                                                                                                                                      SHA-256:E92BA4FCBE48EB14259778EC442BF6330A85517D290675E02C7BDDF8C6752ECA
                                                                                                                                                                                                                      SHA-512:B3A55EFC33150937E48385DE402362C4112B51B78C6CFBEACA749997295C4B0CCC9BAB301F69F6C79E4897BAEB344FF273B7897D79489BB0C33ABE7A6A277045
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...GbV..........." .........P...............................................p......;.....`...@......@............... ......................................dK.......p...)...`......@...p...............................................................H............text............................... ..`.data....8... ...@... ..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebHeaderCollection.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):67872
                                                                                                                                                                                                                      Entropy (8bit):5.782301099321138
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:/SmwVOWqRmRfYtHQ0Yx82s88krahmqOwA83qJKAFE6WHKV6q6G22N7XK6RH4wqY0:/ShAWqxbYx82s88krahmqOwA83qJKAFM
                                                                                                                                                                                                                      MD5:1F48CE4F560C515D93BE8E631C6639F6
                                                                                                                                                                                                                      SHA1:0CA5F7790AEFC8927B37149B8ED9EDCBDD054872
                                                                                                                                                                                                                      SHA-256:7E1855C9965554D7164BA73D355BCAC2E28C7E253D35D07F58F718B8CB037730
                                                                                                                                                                                                                      SHA-512:C2879328B25CE351C3DFDDE6AAFE1148BEC7499E261FD9FA6380026D17EBB17EC008F4E07F81E08DA90744DF8454FE479F45454BCDEDC105B35AC7316700C9F4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...../..........." ......... ......................................................8.....`...@......@............... .......................................!.......... ).......... ...p...............................................................H............text...J........................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebProxy.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):43304
                                                                                                                                                                                                                      Entropy (8bit):5.4543981044661525
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:n3WpvwWJRCJtK5ZkEun+JBTeZDeRbOkKsdEbCLv+CTFLfyO5Ei066gaiGkXYA6VS:n+jRCJWDKCEtOmo6jiJXFCl+ds9z
                                                                                                                                                                                                                      MD5:C77A9EC63CC7588D5C7FDAE75CA4BA0A
                                                                                                                                                                                                                      SHA1:912B2FB046EFC6152755A79CC4FB20A096F74483
                                                                                                                                                                                                                      SHA-256:B28FA5FCE149A161C1619A8C40A6B25F6FCB0F44E4C0580B721D38F024AB3CB8
                                                                                                                                                                                                                      SHA-512:6788378D707983AB8DB891E489E1169A214A9E54D400522D6E39FB89B4130A885213947AB3F3AB05201D5AA68B629912E68AB52A05438DD8272DF3C6DF7A08DC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...IE............" .....P... ......................................................I.....`...@......@............... ..................................t...............()...p..........p...........................................................x...H............text... L.......P.................. ..`.data...=....`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebSockets.Client.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):100656
                                                                                                                                                                                                                      Entropy (8bit):6.037382679706859
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:p3Y1cu9IUexVQtU3/+wUpHK+yT7G7bw0LCEOsW8zu:p3Y1cDl8tVK+U67bw0LCEOsPy
                                                                                                                                                                                                                      MD5:F60FC5DF9579B7807A41F83996A92336
                                                                                                                                                                                                                      SHA1:F1DFFEF2B7B52DAD59C93B438CD8C9FC8237310B
                                                                                                                                                                                                                      SHA-256:5AF953EEE1E6B527EDB09EB3D51265A08BF0CAA9B57A1064176C7A726E464A35
                                                                                                                                                                                                                      SHA-512:A74D1D0AB4AE318792443D65B1E8F039DD63FEC0BF12E8C140C4C0DC5B28BC6760D17751D8C08C339C43ACF05FD42F6F68E625B7F4E45CAF31A14A979BE55050
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...6&............" .........@...............................................`............`...@......@............... .......................................,..<....`..0)...P..x.......p...............................................................H............text...s........................... ..`.data...s!... ...0... ..............@....reloc..x....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.WebSockets.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):190752
                                                                                                                                                                                                                      Entropy (8bit):6.370812726125536
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:c2OHqla+5t0nMuTBUuzyDbYCOi+dWuWVyRAIUQeu0IeW+domJM9wNYLbkbmvhZdu:MHqla+/0HdaO1QzIeW+doCmvhnE7mNxa
                                                                                                                                                                                                                      MD5:68AF5E566C3F92B8B5D435E8CF0E4C6F
                                                                                                                                                                                                                      SHA1:C29C05434C7CA82A0BF15A60CB2D4542483A51BC
                                                                                                                                                                                                                      SHA-256:5418618458AA64E2695F6F51F51101E0AF961AA884E37EF2CA4212513DC87912
                                                                                                                                                                                                                      SHA-512:47606C8E0B9642933A81221B91CBBF7FC06424EEF1A37581E5C165DCAC9279C145253CE34D32009BAECB80EF847013FDC355C343C4C7C67BF51843D6A2700CC1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...\9............" .....`...P............................................................`...@......@............... .......................................L.......... )......d.......p...............................................................H............text....Q.......`.................. ..`.data...O7...p...@...p..............@....reloc..d...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17688
                                                                                                                                                                                                                      Entropy (8bit):6.619310311563334
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:m313DLE8RCWovVaWWdX6HRN7IOO2IR9zJgIV:S13Dq+WLhU9z9
                                                                                                                                                                                                                      MD5:E1BDFB0A3C2077F217E94626A9C84D37
                                                                                                                                                                                                                      SHA1:4485FA68954A681EAB2A6C6BB5006645AA63FB39
                                                                                                                                                                                                                      SHA-256:18A45C63385C3F59BD8A503939E2E5C7CD327E2C03219A550E016D6A7CFEF468
                                                                                                                                                                                                                      SHA-512:8D004D51503A92DC1878853DCD028D7865F22392FE194DEE0CEF6DF0B0A0E040BD2F4D33F4F0524DCB130E39359AF9506A6D0F894CE3D6FD16AA54A2CC67C61A
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Net.dll, Author: Joe Security
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....g............" ..0..............1... ...@....... ...............................#....`..................................0..O....@..8................)...`......./..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................0......H.......P ..$...................t/......................................BSJB............v4.0.30319......l.......#~..|.......#Strings............#US.........#GUID...........#Blob......................3................................6.....x.........................../.......L.................................p...........................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Numerics.Vectors.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16176
                                                                                                                                                                                                                      Entropy (8bit):6.720152735363345
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:yhliwxY2gWa0BWjsWxNzx95jmHnhWgN7aIWTFf/A81BHX01k9z3AZfzpqTJL:yhHbgWa0BWjzX6HRN78f/AIBHR9zQkJL
                                                                                                                                                                                                                      MD5:D548C14C3C17E640DAF27A76707F3BD0
                                                                                                                                                                                                                      SHA1:8318BD1AE48BFFF8D0C5609E511BC5C10C8DFE7D
                                                                                                                                                                                                                      SHA-256:D15A0768577C9E75A3D6FB94D580ED1E32994F4B971BECE03E6AD6EF7FD3518B
                                                                                                                                                                                                                      SHA-512:D57139F4FD99820FDA6BCFFAD86F818125678E7E543B2C68DFDA4EE0C3547E003B290B5DCE23ED43A6D9B3CC739159E151039BC8B1D26A851CCCE4DF287A0FFE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....k............"!..0.............n*... ........@.. ....................................`..................................*..L....@..................0)...`......,)..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P*......H........ ..\...................P ......................................^..C...wn.|2..)..E..Z'...N.. ./..I....Z........a..PP..=F..=....i...... D..R....03...n.....[.Q[<o....q@...:V.....6E._V....y;BSJB............v4.0.30319......`...8...#~..........#Strings............#GUID...........#Blob......................3......................................D.........]...........v.................\.r.....r.....`...8.....0.......r.....r.....r.....r.....r...}.r.....r...........6.....

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Numerics.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15624
                                                                                                                                                                                                                      Entropy (8bit):6.743391402121608
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:sF7xIOUCtWeQNW4pWjA6Kr4PFHnhWgN7acWOedNx6RMySX01k9z3AcyNaxQGEHo:K1fWeQNW4YA6VFHRN7edGMR9zPyr5Ho
                                                                                                                                                                                                                      MD5:C9FC19DB9FE74066786403B4829EC5CE
                                                                                                                                                                                                                      SHA1:12240200EC9DC0A64B141761DD2ECF7CCF4D4480
                                                                                                                                                                                                                      SHA-256:8CECA85D001CFBF974FA37ED8C64CF97B619DCA942501EFCF22D4F369BA42292
                                                                                                                                                                                                                      SHA-512:3FD206570AB29DAC923CAA7E1FBB32AE855D7814559534637EC381412CAD6AFB89FBAB99BDA21BBBA975554ECF5955B60D2129F5DECB50D70477E1A4BEC7A18F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9.(..........." ..0.............^)... ...@....... ..............................+.....`..................................)..O....@..X................)...`......,(..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................?)......H.......P ..\....................'......................................BSJB............v4.0.30319......l...8...#~..........#Strings....\.......#US.`.......#GUID...p.......#Blob......................3................................................'.f.....f...e.S...............K...........{...........`.......................G.....y.......-...........%.....%.....%...).%...1.%...9.%...A.%...I.%...Q.%...Y.%...a.%...i.%...q.%...y.%.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ObjectModel.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):80184
                                                                                                                                                                                                                      Entropy (8bit):5.8034670220183395
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:anwUGEl0HKXrgcCGfN2QSsMWrHGe36XWD09zgS:0Dl0SrqQN0yHGeqX0O8S
                                                                                                                                                                                                                      MD5:1E2A3C3FCAEE389C04D33C18F3B09599
                                                                                                                                                                                                                      SHA1:6BECEBD105CEDD72DA755A49720D79F23F43C3BD
                                                                                                                                                                                                                      SHA-256:447E24F4BFAB9D7F23DC204B632817DDF933AFD89222CB396402B471DFCA99D5
                                                                                                                                                                                                                      SHA-512:A2BA95117DC9937E60E304384107C09DBBD12EA1BDD3B6210D2088CF10A9A6AA8CC09C83522E54F9F884055FF7072CA4D231273B0DE0BD4E66175E865AB13009
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....(:..........." .........0.......................................................u....`...@......@............... ..................................t...d%..........8)......T.......p...........................................................x...H............text...o........................... ..`.data............ ..................@....reloc..T...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.CoreLib.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13175088
                                                                                                                                                                                                                      Entropy (8bit):6.846434850139803
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:FdVXzmQ6u2Pf1F1HpwajX4p92QKxV36FChEqiPVGK5+k+uiCi:9WuuT1HSajXgJgV36FDqM5+tuxi
                                                                                                                                                                                                                      MD5:8B5EE62ABDB7B72F418D797FE73F2521
                                                                                                                                                                                                                      SHA1:77582007964CBB215278267691A255B63ABE5FFD
                                                                                                                                                                                                                      SHA-256:4CD6810B4EBE8D6E1F5928F2026D257C112380D33B557A60BCFA9C7F2BB012E8
                                                                                                                                                                                                                      SHA-512:870EF275E1E8D1607E2B22EB25F1F05F99346B54651BC119D809BF21F1A6F041EFF801B3B5E1FFBB1897975FEB2C3AA47B3699CC4C63ECA8E3E6A60387AB4BD9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...J.c..........." ................................................................}.....`...@......@............... ......................................(r..|.......0)...0..@...8...p...............................................................H............text.............................. ..`.data............ ..................@....reloc..@....0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.DataContractSerialization.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2083120
                                                                                                                                                                                                                      Entropy (8bit):6.7084204593562475
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:zEe18SlNT7q8K+sb8VI5fCImJ1MxOouLs32DL2v6EI6PN:zE8Riy6PN
                                                                                                                                                                                                                      MD5:3E4914FB86B55E766730BBA2CF5F9710
                                                                                                                                                                                                                      SHA1:AA6EABD6462F7898FDF34FA71355190A1B915F07
                                                                                                                                                                                                                      SHA-256:96C38BE90900D54FDE8D6DB1B3DE8377C07DAF21E99976D6A3474A9511E3EFC6
                                                                                                                                                                                                                      SHA-512:1B5749D910B8B5564F8D125A5AD62218B3BCFE190692D82F5101A8E53DC604060E3D9211B34EAAA6A9094C03529D6CE0196766AB5F266BEB8064B41314834EB8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....6..........." ................................................................X. ...`...@......@............... ..................................$....[..........0)...p...'..(v..p...........................................................(...H............text...;........................... ..`.data...X...........................@....reloc...'...p...0...p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Uri.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):260408
                                                                                                                                                                                                                      Entropy (8bit):6.615538060259084
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:AfAAcZcInBPKCeDc6Ci9MG3CMeVmtGNFsGu6MyXO:HFKDciMG3HamtGNfuV9
                                                                                                                                                                                                                      MD5:FADC9E1672EBA182AD57E6FF27DF1797
                                                                                                                                                                                                                      SHA1:774C74089FCEA3AFE0C7CA1A0B496C999392900A
                                                                                                                                                                                                                      SHA-256:DC01ED420EF427086F0057013D7AC1CAC07E2483E4CFC162D09DF1B64553892C
                                                                                                                                                                                                                      SHA-512:0650F9ED9C86103CC66871B4558BA9AE291273FF5E0DC0FA7468F3636AC6896CAA8C9EA714ED821B55A519C6E1B1F5BD26D6DC7196F8F2BBA6215F355A2BE602
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@.......................................................<....`...@......@............... ..................................t...XS..x.......8)......8.......p...........................................................x...H............text....{.......................... ..`.data....$.......0..................@....reloc..8...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Xml.Linq.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):403768
                                                                                                                                                                                                                      Entropy (8bit):6.602276363545423
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:oxERCkFa5oBSKGFCoMPxSOpXQgVuThCDCaY+zrZjzEOQlIZPKN:ouRZM5oHGhU/4WCt+z1ffZo
                                                                                                                                                                                                                      MD5:1BA13843CFE69115B69B9734F08D8C1F
                                                                                                                                                                                                                      SHA1:D16B4DE6A429D77A9B418E545072B6540AAE10BB
                                                                                                                                                                                                                      SHA-256:13602313FC8BF7F6BE2183DFE3F07B10CCE450566D7CDE619C238D05137338A9
                                                                                                                                                                                                                      SHA-512:382DA8E0580447BEF35B2813212634513B6F180664ADB7A3DE072D92FD9485495905A13A0A40319B2C0FF02C2A05549697C1A6BB651C2A42E9F172EB1D9BD68D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....}a..........." .....p...........................................................X....`...@......@............... ...........................................-......8)...........*..p...............................................................H............text...vb.......p.................. ..`.data...Sd.......p..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Private.Xml.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):7989544
                                                                                                                                                                                                                      Entropy (8bit):6.802297198301812
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:CgB/y99HaDD1OMe3dpE/dhYw2knN5WUFX5cha:v/uaDD1Ox8YoFX5cw
                                                                                                                                                                                                                      MD5:E166C44D116A2A649FB8BF58B8DEAE69
                                                                                                                                                                                                                      SHA1:E66C37FBA5E3C405DD21C464343B87E173F1FB45
                                                                                                                                                                                                                      SHA-256:79CDAEFC221388C3E5B9AFA137F8E4A44366CAC0CCC617BF1F5B6CA0DC95F3F3
                                                                                                                                                                                                                      SHA-512:852C80299D20B6D5D7EBCA7C3D76DA1EA36CED6274374AF8ABD8F484C356321090E784F8C5E8357D1B4F6AC49DD48F81A6642D0D95682BA92C50E07EC25A20EF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......s...................................................y......z...`...@......@............... ..................................t............y.()...Py..h.....p...........................................................x...H............text.....s.......s................. ..`.data....Z....s..`....s.............@....reloc...h...Py..p...Py.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.DispatchProxy.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):76048
                                                                                                                                                                                                                      Entropy (8bit):5.943118914884181
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:2NTs7klOJRVNvKzBMuSxRWHJQZYoqNTJodiOEp4z0:2VxlOJXNvKKxRWnNN2xXQ
                                                                                                                                                                                                                      MD5:202192E1AEDBDBD47B4C755227C9F174
                                                                                                                                                                                                                      SHA1:FB61C5557319FA1BBF82302AEF46C331EFD8348B
                                                                                                                                                                                                                      SHA-256:F625AAE4F7A839B16834764BCDEC5F8008A5171AB1AF77277B4861B077078D25
                                                                                                                                                                                                                      SHA-512:EB87E36BA74192A177D9649E3B583A72B15C8AC3B8ECD991A56D449EBE99E2CCB3D667FB937055623584EDA6B271658784F9BBB51343843D3317F311C2980154
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........0.......................................................2....`...@......@............... .......................................$..|........)......P.......p...............................................................H............text............................... ..`.data............ ..................@....reloc..P...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.ILGeneration.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16176
                                                                                                                                                                                                                      Entropy (8bit):6.7440217236656395
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:EXWj9xP9WVTUWDeWxNzx95jmHnhWgN7aIWjYe2YHnsTX01k9z3A1Rrn:vjH1WVTUWDlX6HRN744YMTR9zUR
                                                                                                                                                                                                                      MD5:AB6EE54636B88E5FE0DADCB9F24D907D
                                                                                                                                                                                                                      SHA1:FAEDDCC767249EF0208A907DB50ECAEF1AA1F91F
                                                                                                                                                                                                                      SHA-256:7C85F57B009B38E7F62DE0437A652966DB39134DC95527E3F60EA1B3334E23EA
                                                                                                                                                                                                                      SHA-512:5131F86CD07BF1BD434E039EE7F0BBBFDF772F5C01EBD6F0968B5E6E5567F0C4130E7621B7D4489698A77BE6543D256ED4217CDA84E9178ACA1FD0F70E507DFE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............."!..0..............*... ........@.. ....................................`.................................?*..L....@..................0)...`......4)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ..d...................P ......................................V{.U^i..7`..8.Q.Tw.YZ8......\@9...7C...L.....v...y.%.....-...l..>.*#_.........[...+...d@~....Pu.j(...lt..........O../BSJB............v4.0.30319......`.......#~..l...D...#Strings............#GUID...........#Blob......................3................................................"...........;...........f.....!.b.....b.....7.................b...[.b.....b.....b.....b...B.b...O.b...v.............

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.Lightweight.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16152
                                                                                                                                                                                                                      Entropy (8bit):6.719210609725614
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:7nnux2kmOWxEVJWWWGkWxNzx95jmHnhWgN7acWE1AJvxwVIX01k9z3AXaKrPDs4Y:wpWxEVJWLSX6HRN7T1w9R9zEFrbw
                                                                                                                                                                                                                      MD5:F6781A08C2B18C6D751821744820B6C4
                                                                                                                                                                                                                      SHA1:F10227DE4488F3E6E753D4FBD1D1C017A5E23205
                                                                                                                                                                                                                      SHA-256:9356D1216420F334FF6DE21F1ABC93609EC7B037471453EC722DE89CEA954D45
                                                                                                                                                                                                                      SHA-512:1270DB17862A22352BC8737B88B33C4FFD03146F2DEDE9F8DDB144D1F26BB8FFA35183FF9E99EDC408D7E14524D4C6CF82E833B4992446C982778A842C050D23
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ss..........."!..0..............*... ........@.. ...............................D....`..................................)..R....@...................)...`.......(..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P .........................................>..B...u....z......q..p...h.ea..U.1M@..)4..y...z.W.+..qJ...Sy8...F|.......W....?e.c2..........`...,.2.eS.R.......1W...}`BSJB............v4.0.30319......`.......#~..4.......#Strings....<.......#GUID...L.......#Blob......................3................................................0...........I.k.........t...../.E.....E.....>.....~.....~.....E...i.E.....E.....E.....E...P.E...].E.................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Emit.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):129312
                                                                                                                                                                                                                      Entropy (8bit):6.1169104642443894
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:qShk64jKiEAYbKatyLJBsVkrc10FBR7yqwA:y55fSe7sungq5
                                                                                                                                                                                                                      MD5:F3C93B3779D56D80D784BA712A74C9FA
                                                                                                                                                                                                                      SHA1:AED1E91233D0DFD1937354D4A94C5447B87259BC
                                                                                                                                                                                                                      SHA-256:5BE721DD3FEB1E56284390D592B81C1885F50BBEB567C53EDB8DDC1CD3210DD4
                                                                                                                                                                                                                      SHA-512:A1CEC4E076613695FCA1336B4C40F4EAE2F049CA5CEE522EE4082F3BF74C3704DF41655E00A806365A216110A7997DA0375DF74F5CA58FF072647ED80E352BDB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....+)..........." .........0......................................................3.....`...@......@............... .......................................+..l....... )..........0...p...............................................................H............text............................... ..`.data...Y........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Extensions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15656
                                                                                                                                                                                                                      Entropy (8bit):6.793667220027114
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:Vv8XzrxAlvUWKZWWGhpWjA6Kr4PFHnhWgN7aIWxn+EYHnsTX01k9z3A1Nmjl:VEDlAUWKZWWOYA6VFHRN7qpYMTR9zUc
                                                                                                                                                                                                                      MD5:92E0E5A63D25B9C3AE3983FD1B126A8D
                                                                                                                                                                                                                      SHA1:AF7095C2D4D58A19F205ACEF1019064905F44EF5
                                                                                                                                                                                                                      SHA-256:F006C1DF74494ED22ED0ACE97F4D3D1A8B2B5C65DE706D201B76146FDD5EA6EC
                                                                                                                                                                                                                      SHA-512:92A3F172F88E4BCE2B7651801D7FBDCC7C5BBFC242D60FD416EC6DDDADC4E0BB98ED24979B0FCB008B220D7EB93EE45C4DC39E4B030A4F9F23AEA94FC8ED82CC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............z)... ...@....... ...............................=....`.................................%)..O....@..................()...`......,(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................Y)......H.......P ..\....................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3......................................................x.....3.....4.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Metadata.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1116440
                                                                                                                                                                                                                      Entropy (8bit):6.644311003487164
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:/3e0zkmiwp8+2KFhA8WDlLeO9om5EoA/mSdWDURfeGWFbrWuoDzAVdrN:/3e0rdp8ihocOWm4/iamGWFbB3N
                                                                                                                                                                                                                      MD5:64E6830F63DE5F8F82A4F45BB5AAC4E1
                                                                                                                                                                                                                      SHA1:3834E21EAF634DD532FC3D77B9F2449BF9F384CB
                                                                                                                                                                                                                      SHA-256:A82DA76C39DD2287B580986C9D21E7405E3B9D43953C1856AD9036E117462A2E
                                                                                                                                                                                                                      SHA-512:EE57142DD8A3036F0D545408FD68B325FA614615412E94F49536C391C009809EEA17E17BA3581A8DB4C2A56DD3E761A21A7BA3458E537F086270A45099504928
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ................................................................Ny....`...@......@............... ......................................@...........)...........W..p...............................................................H............text............................... ..`.data...A...........................@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.Primitives.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16136
                                                                                                                                                                                                                      Entropy (8bit):6.781423994083627
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:giSI4jCaxPtdWSx+W3pWjA6Kr4PFHnhWgN7acWbRQRfKDUX01k9z3AyCWtQG:GPVdWSx+W3YA6VFHRN7PpR9zldtQG
                                                                                                                                                                                                                      MD5:92BFDBCC5A2A2BC7DB8AB7A1D759B827
                                                                                                                                                                                                                      SHA1:09C260B069057E7EDA73BAFB78DB6F5A5968F5B1
                                                                                                                                                                                                                      SHA-256:081035E2019F5614F08BBEE64BA2D4B93958A6F1F6EC7CAD305109519DB07C9C
                                                                                                                                                                                                                      SHA-512:C43D173D96D9743A5917F02F4299A36A15C99252C271DC5076EF80DA0ED06088A8300DF7F31301F937E641E6B91FAB7AD1F5F0B6A57AE4DEF5196884F71F1ACF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........."!..0..............+... ........@.. ...............................8....`.................................5+..V....@...................)...`......8*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p+......H........ ..h...................P .......................................5....To.*.r..+L@el..... wO[...&...BC...|(.u./.z.N.~.#.....Q7....(.~>H].L....%C..n.P........L.>.D9....s8....'.......?..BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3......................................3.........@...........Y.................?.g.....g.....`.................g...y.g.....g.....g.....g...`.g...m.g.................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.TypeExtensions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):43312
                                                                                                                                                                                                                      Entropy (8bit):5.201190108733127
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:oCWmBeW8p0YckPuTNRyVP0a+SKuD6tdjRGxX6HRN7j81zxIPaR9zEa9:o4qckWTwD+juw6Wj81zxOW9zT9
                                                                                                                                                                                                                      MD5:E58204BCE15E07EC0E3A9E1BE50DE9FB
                                                                                                                                                                                                                      SHA1:E9EB5D8BA8AB976B0FB4A8A267898145DB7BA2F8
                                                                                                                                                                                                                      SHA-256:1C5AC607683FC37DCEC16FEDD9360DDE2A214444596E3C2EA922EEB0C5E22EE9
                                                                                                                                                                                                                      SHA-512:D38BB77B4E253748E18AAABF8817A7CFFC802A5E42E889107A8763B1833F4550D313EBEBC7290079023A4617E1533D2CA3F78A2017908901B0A50496EB589BA7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...}............." .....P... ............................................................`...@......@............... ..................................................0)...p..........p...............................................................H............text....G.......P.................. ..`.data........`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Reflection.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16664
                                                                                                                                                                                                                      Entropy (8bit):6.685947251423688
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:y+CkNQKYxA7qjWhFCW0WxNzx95jmHnhWgN7agWBBXLrp0KBQfX01k9z3AA7OfL:ytjXjWhFCWbX6HRN7oRxB+R9zpifL
                                                                                                                                                                                                                      MD5:6AD5CAD80276892BA4CC02B27E85BE12
                                                                                                                                                                                                                      SHA1:7333C6F4682AD9C77D9FC319DFA48372A5CA321A
                                                                                                                                                                                                                      SHA-256:ACD8F3EA0B145517E9DBE2D276B174DF4C7EBAAE28ABA62EE2303A8AFC83235F
                                                                                                                                                                                                                      SHA-512:5C010AC745B3DBB5D22149DC8C373B2ECC9D9EB38566714FF23119C4FB0BC03B4A49607DFC073DE5912DBD8B4583E80C1E528CD5710C1865CD1CD18CC7CC08C6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............,... ...@....... ...............................T....`..................................,..O....@..h................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................,......H.......P ......................4+......................................BSJB............v4.0.30319......l...l...#~......|...#Strings....T.......#US.X.......#GUID...h...|...#Blob......................3................................"...............M.............................q.6.../.6...........6.....6.....6.....6.....6...m.6.....6.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.Reader.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15648
                                                                                                                                                                                                                      Entropy (8bit):6.7745107157816
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:nhDOxAmBW4+3W27WxNzx95jmHnhWgN7agWPDucADB6ZX01k9z3AqRariR:OfW4+3W2UX6HRN7EucTR9zlRarM
                                                                                                                                                                                                                      MD5:B60D236051B2ABCB66F74C4812223C62
                                                                                                                                                                                                                      SHA1:8786DC5545047F56D1C909265841212C203ACE2C
                                                                                                                                                                                                                      SHA-256:4EE54B35DE61268A3C9DB9A80DB5F005B49C134F5E9CEDCC0B31CDC2D120058C
                                                                                                                                                                                                                      SHA-512:93873F04B3C5B8F962DD376DD7A3B0672F85F086C5E8BA08478488740D8DCE9D77679B8524E210CCF4F2386D8CE5CDFFE17C2709C79897C7F477A6ACB4D59AA5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`5............" ..0..............)... ...@....... ....................................`..................................(..O....@.................. )...`.......'..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................\'......................................BSJB............v4.0.30319......l.......#~......h...#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................%...x.%...3.....V.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.ResourceManager.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16136
                                                                                                                                                                                                                      Entropy (8bit):6.723144015881292
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:PaO9uvWV6zW+mYA6VFHRN7DgFDR9zTPUz9/:Pl9unPmFClDkl9zAz5
                                                                                                                                                                                                                      MD5:066BB1ECF94BF9C15F39A89C55AE70EF
                                                                                                                                                                                                                      SHA1:B711BBAD6052C4BB53D8BEA0DBB9FA64B3402DDB
                                                                                                                                                                                                                      SHA-256:78EA4958BBA58923073533245EEC77810C34DE5C4D7F8FC5F2DCB20503C39068
                                                                                                                                                                                                                      SHA-512:610558F4B5CF6F72921B3BABE28CA842EFCE97A85FA4FABAD91FB8EB92ECBCF5154A52E185965347974720D0E377239DCBEFE00940F4F28BA78A6438A8B5547D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!..........." ..0.............n*... ...@....... ....................................`..................................*..O....@...................)...`.......)..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................M*......H.......P ..H....................(......................................BSJB............v4.0.30319......l.......#~..|...,...#Strings............#US.........#GUID...........#Blob......................3................................................9...........U...................A.....A...........A...r.A.....A.....A.....A...Y.A...i.A.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Resources.Writer.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):51464
                                                                                                                                                                                                                      Entropy (8bit):5.757823712774265
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:tIc32LPcTNq2irs+I3312/gb04IhFCloU9z64:tZGLkxq2iy3F2c0Rifzl
                                                                                                                                                                                                                      MD5:474F5DACA75A68CCB27640CA24FD360A
                                                                                                                                                                                                                      SHA1:68A5F5EF287E31046B5B90C58DD4D9727E0B1E1E
                                                                                                                                                                                                                      SHA-256:9175EF26F74399E465C8053B142704EFD03727FE9837A5EC608433A417DFE326
                                                                                                                                                                                                                      SHA-512:E5620657ED62AA0C71ACF5E8FEC0ED47857C7776868D2374A5F48ADC9AC7F2D4DB46B055C4C9732BF315EDA9FFF78F9347570B7A2AFF6E25D9602CA8647B1D88
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....[............" .....p... ......................................................!.....`...@......@............... ...................................................)..............p...............................................................H............text....k.......p.................. ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15672
                                                                                                                                                                                                                      Entropy (8bit):6.804784998922409
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:m7xAvH5HmWgJ2WQkWxNzx95jmHnhWgN7a0WECSj9BtaFFX01k9z3Ay3myt5D:MCgWgJ2WQLX6HRN7JCc9WR9zBT5D
                                                                                                                                                                                                                      MD5:C491FA202B388C62A783E9E7B8219531
                                                                                                                                                                                                                      SHA1:4DB62FCC3451FE365B96AC8F6AFB8B36A310D0A7
                                                                                                                                                                                                                      SHA-256:2DC6D8D20AF5A36257AF1E816F289F3F21611E811DBE9AF20966E5D4E701B7E1
                                                                                                                                                                                                                      SHA-512:2046C41F7F5CD99020FA5784B8656636CE6AD2EC35295AC580704314622841812F4293C08847C01AE2DB833AEAB4DF2DF59BC33812423121FD1DFC9FF42A04FF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............J)... ...@....... ...................................`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................))......H.......P ......................h'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................4.....4...Z.!...T...........@...........p...........U.......................<.....n...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.CompilerServices.VisualC.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):31032
                                                                                                                                                                                                                      Entropy (8bit):4.668485682155773
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:eWsCLWChjxoeaVEEfX6HRN7hq+GkELRPR9zjOCI:NBpapWhqGQ9zK3
                                                                                                                                                                                                                      MD5:511A6CD95CB5E50ACC7C7B97F8DE3531
                                                                                                                                                                                                                      SHA1:3AE756447C028A59CBCFB20CEF96483337DE4B5B
                                                                                                                                                                                                                      SHA-256:2CF2328B2BB67EFB7A4021E6B1093282826A7D221BD3B3B57C145E5E13374456
                                                                                                                                                                                                                      SHA-512:033E5553663D65A66007021D5773BB3046C2B24D51A991C83E1B025170E9D04B910273467CBAEC9CDE12B79DB10E2C9685AF5722BBACD603EEEA5ACB565F4788
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....b{..........." ..... ... ...............................................P.......6....`...@......@............... ......................................$........P..8)...@..........p...............................................................H............text...~........ .................. ..`.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Extensions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):18224
                                                                                                                                                                                                                      Entropy (8bit):6.562338179216365
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:5/Sj5rt9x+vFW8gNWXNX6HRN77pGR9zqYI:5qj1tSOIW7Y9zPI
                                                                                                                                                                                                                      MD5:33FB9BBBCBA3E7BBBD7BA9216958008B
                                                                                                                                                                                                                      SHA1:7660B39FDF52E35EDF106D6900F2C7862121EEA4
                                                                                                                                                                                                                      SHA-256:C31F0812B87812A10627C8603CA265E1A33927047134B1DD5CE69356869E250C
                                                                                                                                                                                                                      SHA-512:D51FD4D60B53C8BD23BC285FF34C447CEB517C3E402A8D61DB397996C3800F268B4F0ABEBEAC12BF42B608506EDCBF66CC4A27E46C0842B9BA149DAB61E5F01D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y............." ..0.............22... ...@....... ....................................`..................................1..O....@..................0)...`.......0..T............................................ ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......P ......................l0......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................I.....3...................................................i.v.........N...........%.....B.....5.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Handles.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15664
                                                                                                                                                                                                                      Entropy (8bit):6.814505381555342
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:6lfzxAd9sbIWAZmWwXWxNzx95jmHnhWgN7aIW2a3YHnsTX01k9z3A1yb9:AftoObIWAZmWwYX6HRN7+YMTR9zUg9
                                                                                                                                                                                                                      MD5:5E4C20E0A38D62A629E7009686E20264
                                                                                                                                                                                                                      SHA1:27459AD6B3431B3B522CBD4AF7CB8DA84618353D
                                                                                                                                                                                                                      SHA-256:FF10134A6AB7612D6AA2A368B1C6F3173A30CBB1ABF8D517C97895DE72132F2C
                                                                                                                                                                                                                      SHA-512:5F11D193335F8556E66A040B1D29B18BEEDEB2F3FF1DE4E59D278E9B9E45464F9B5389C7815DB5A8889BCCB754F9B7F6E58B4535FF749CC33FF701B43516CEDA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{..........." ..0..............)... ...@....... ..............................z.....`..................................)..O....@..................0)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings....0.......#US.4.......#GUID...D.......#Blob......................3................................................(.`.....`...f.................L...........|...........a.......................H.....z...................(.....(.....(...).(...1.(...9.(...A.(...I.(...Q.(...Y.(...a.(...i.(...q.(...y.(.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.JavaScript.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):51480
                                                                                                                                                                                                                      Entropy (8bit):4.96736494913135
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:bOxGMiFMwIIARptGdwWxroe+MH1Q+k71pb52BWAD9zh:bOwMiFMwIIAR3GwWxUezVzkjbeWApzh
                                                                                                                                                                                                                      MD5:B3CBC3F39F271F7E23A0959D2C4A26CD
                                                                                                                                                                                                                      SHA1:FD29277A423DF0E2C107E3C306228C665767E99E
                                                                                                                                                                                                                      SHA-256:B5415B6BE10C1E87BF8FAF4206471EAD93E0AA4F445CA8CD9F35B8EAF8158D90
                                                                                                                                                                                                                      SHA-512:A0D7B80F572ACFA60B92CBBDF06EDE4050944281D96E419DED9C014DA085387B2A9D841BC28E5DC88562BF92720E6AFC516E744E16FA4E9C4E6E1C173CEC744E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....m..........." .....p... ......................................................._....`...@......@............... ..................................$................)..............p...........................................................(...H............text...Zg.......p.................. ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15672
                                                                                                                                                                                                                      Entropy (8bit):6.847005993457445
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:K7e1enxAbDNrWHDUWMqWxNzx95jmHnhWgN7a0W0kzj9BtaFFX01k9z3Ay3mKPUpc:KCUxQBWHDUWM5X6HRN709WR9zBbMc
                                                                                                                                                                                                                      MD5:13D864886ED9DAF09E800B3851B4A05E
                                                                                                                                                                                                                      SHA1:5F7DE3337CD71E167B6D70626D29DC7139AB765C
                                                                                                                                                                                                                      SHA-256:357797FEA3E2F1FAE6DB8F47AA096BDC35707BEB16EA912019877812708841D4
                                                                                                                                                                                                                      SHA-512:F561129CEEB84C4C0AE1C605887907E9ABA9BF20A5107828F706D3A5BD075C87C918B0551845208D81A1AD65CE7844044187430F943EEF8253FD257AC6E937F7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C./..........." ..0..............)... ...@....... ..............................&.....`.................................{)..O....@..h...............8)...`......X(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3............................................................@.O.........k.....&.7.....7...V.....l.7...;.7.....7.....7.....7...".7...T.7.................I.....I.....I...).I...1.I...9.I...A.I...I.I...Q.I...Y.I...a.I...i.I...q.I...y.I.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.InteropServices.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):96544
                                                                                                                                                                                                                      Entropy (8bit):6.028171254215127
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:4o6MupEelCtJfKS6+67NspnSPM+l5+CkmVhKWHOiOyzUizB:4o6R3lCto+dSPM+rJkm7NOxMUil
                                                                                                                                                                                                                      MD5:1DF866F691DEF4290407F5CF01B996AD
                                                                                                                                                                                                                      SHA1:B2BA5AF3F80AAB63EF2FECF6341B44DEAE201AC1
                                                                                                                                                                                                                      SHA-256:127EA3F2FF47CEA14C082B2ED22066554D22C9D8F97DC0D403B17042FAC62A5B
                                                                                                                                                                                                                      SHA-512:6F96AEC2ABF7F6E96B7699F67CC8547334277C8E502E6ED357713C54B68FAF264B1843EA42E6AB0F7C6AD7DCC1098B9042E1D5F15E93DB6F8D346F613D1F6A1D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....]............" .........0...............................................P......>.....`...@......@............... .......................................(..\....P.. )...@......`...p...............................................................H............text............................... ..`.data........ ... ... ..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Intrinsics.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17208
                                                                                                                                                                                                                      Entropy (8bit):6.6141833133111865
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:JYzYQZrDroWmyLWyoWxNzx95jmHnhWgN7a0Wdd7/mcj9BtaFFX01k9z3Ay3mIamu:JYkA3EWmyLWyHX6HRN7k7/mi9WR9zB7I
                                                                                                                                                                                                                      MD5:66227035D9417A2E4B4FA6598FEA969C
                                                                                                                                                                                                                      SHA1:398C254B721337177A5BB236D49CA6E2B218095E
                                                                                                                                                                                                                      SHA-256:3A18C5B41B723D5DABA3088D621D4EB8DCEB97FA9B2C4A850D54FD4381DC3C22
                                                                                                                                                                                                                      SHA-512:26D4059CB06967641E5A935B36A7AB50FCCE0B7374E62BFE275B2C138B46ED9B8CF1E4B1F7C029586B8D9DD913F736EEED8C7E489A5FF682AAEF67DC2202E0E5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{............."!..0.............~/... ........@.. ..............................^.....`.................................#/..X....@..................8)...`......,...T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`/......H........ ..\...................P ......................................E....H.m`.D...&....z../.....~..%....A.:.~.bX...........d.kS..F.z...z.......*.....(..a .L.J~,&_kh.I.4..FNO.{B.-S.e.S.....j....BSJB............v4.0.30319......`.......#~..P...d...#Strings............#GUID...........#Blob......................3................................M.....I.........B.$.....$...[.....D...........A.............k........."...........{.......................b.....o.......$...........

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Loader.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16184
                                                                                                                                                                                                                      Entropy (8bit):6.74808977719352
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:pDUElhzxNeW5ZGWnWxNzx95jmHnhWgN7awW59FeHqj9BtaFFX01k9z3Ay3mRcbe:dUEl38W5ZGWoX6HRN7g9EHk9WR9zBK
                                                                                                                                                                                                                      MD5:4ED4A34C35F7B26E8E246D16C2DE6A53
                                                                                                                                                                                                                      SHA1:2FD8657B37AE7750FE1CADC7D555041063CAF821
                                                                                                                                                                                                                      SHA-256:F106DF84A047BA38B018AB7BBA10E2D2D6B2A5FFE5762CE8208C339AF3BB21C6
                                                                                                                                                                                                                      SHA-512:3A7CC11E455ED511313366B5A2527BC52698B8958E9E7E20B56768C9561D10BBF13A2D327AE0467A5DC64F7643B8D16D6A65CAE1C4E1CED6F62360C9C535F90F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pp............"!..0..............*... ........@.. ...............................;....`..................................*..X....@..................8)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P .......................................1cc=.m.y-v..Z......9,.....8.5.....R..k.....tk.MM.i....s.^.Qx.D#$..t...3......@<........gy+.n.....^...#W....$b*2..b.C...BSJB............v4.0.30319......`...(...#~..........#Strings....0.......#GUID...@.......#Blob......................3..................................................P...X.P...p.....p.......v...V.....z.....).......1.....1...?...........>...............................P...........

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Numerics.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):330024
                                                                                                                                                                                                                      Entropy (8bit):6.652134966205565
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:K103Ufy7eeqvaM7BWp5lsQV57Q5t9dtIKcB9+:K10kfy7eeK7MlRV574t9dtUz+
                                                                                                                                                                                                                      MD5:3ACFFC369AECF966DD9C9E1F6FB966B6
                                                                                                                                                                                                                      SHA1:AA0A79D6AA6760A71B2A2E47E03BE0A43892FE1C
                                                                                                                                                                                                                      SHA-256:55D0E21E8AD1F851E0803AC655D9FCA5BEDA6692592FEE421C179AF64109DA43
                                                                                                                                                                                                                      SHA-512:DFB97F5F791CBBD7C308754BBEB4D63A0AFF098313113B931E74CF824F67B765D3667662840BCBA8DCC9BDB07960D83408B7227A1749A6905CD1851C7C0F15D8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@......................................................\J....`...@......@............... ......................................hn.. .......()......p...X ..p...............................................................H............text.............................. ..`.data...-#.......0..................@....reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Formatters.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):309544
                                                                                                                                                                                                                      Entropy (8bit):6.565288812451409
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:lzv7WOXu33WPEei5EZNqHRk5XDiio9gZbzZYNAgk74dzzKL2zLjRByB+dhBDIoca:rWLtBxTDhcnFUB2aKg97zc0
                                                                                                                                                                                                                      MD5:5D3970DB4A500B2349BFA20B83BD69E8
                                                                                                                                                                                                                      SHA1:A4DDB5936ABE75A46A83A293771B2434E3C47A83
                                                                                                                                                                                                                      SHA-256:748CCE10A02BBF3D24A1C6D7FEBFF0E5A8E7AE2E9C423BC904643B8D54FE6297
                                                                                                                                                                                                                      SHA-512:3F57F56FF97E63FA130A204DA1B63811D0B77EEC9B41A70F12204855B395CAB6C6169972C20B149DB4EF6148313FCCBEAF6FDEC5F228EDC06400711F6E9C0275
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....I..........." ..... ...`......................................................+9....`...@......@............... .......................................i..`.......()...........#..p...............................................................H............text............ .................. ..`.data...'N...0...P...0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Json.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16136
                                                                                                                                                                                                                      Entropy (8bit):6.748110626945014
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:JkByVWbuodB5W+GYA6VFHRN7ykhpR9zldp:JkByWVdBRGFCl3D9z1
                                                                                                                                                                                                                      MD5:44DBC666AD269986DA0AA1D4870DCC43
                                                                                                                                                                                                                      SHA1:787AFE4CF6DA55E71A0BB946CCF9BF41FA0FA284
                                                                                                                                                                                                                      SHA-256:53BDE641865F6240C7C7228809953607A2609B72D096197EC07495E44686F87F
                                                                                                                                                                                                                      SHA-512:663BBD7021ECE6A80CE2E9A02AADA4EB5EEEE54155DEB5E389F28C3E45E7D4E31CD2E1C8A49D4F626CF5AC226B416C975AD76F0F4B4E8B756D136D950ED5019F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0..............*... ........@.. ...................................`.................................W*..T....@...................)...`......P)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ...........................................!....Id|....I.;........( G.h...Fb..U.<A..YM...s...<7.i)h.'?.....]...-...c.+.?..P..mR.="..^......Y....(y[.qK..u.f....zBSJB............v4.0.30319......`.......#~..x...d...#Strings............#GUID...........#Blob......................3............................................................3...........^.......O.....O...a.....w.O.....O.....O...w.O.....O.....O...G.O...I.........................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Primitives.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):39224
                                                                                                                                                                                                                      Entropy (8bit):5.151825928966964
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:tHWFISJBrW2ANFdBha0I5qzv80n+a8+gEOR9pnUkO2akIGt6HHD9ax15JRXSCX6r:tqxJBgjaVyU+g99pns3KNWw9zn2
                                                                                                                                                                                                                      MD5:977C08FFE5527A368DD5DC4F6E5743D5
                                                                                                                                                                                                                      SHA1:A9BDBEC552469651D6B74AAAA211DB2895BAD869
                                                                                                                                                                                                                      SHA-256:1439D12A15B1745DAC140FBBC659638D665A86F7ADDA6B4369D9F50E008256A6
                                                                                                                                                                                                                      SHA-512:0A588E32424B43D3EA74A7A8FFD7F54BD069F4BADF7A4C134DB8A8A25EBC49FCB472A3F76CC08FC2C9FCA026AE8FF6E05A2C943E45D757B09447C105343664D8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...w+............" .....@... ...............................................p............`...@......@............... ...............................................p..8)...`..,.......p...............................................................H............text....>.......@.................. ..`.data........P.......P..............@....reloc..,....`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.Xml.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17200
                                                                                                                                                                                                                      Entropy (8bit):6.683002357395069
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:awskrZI8NuKRMWsBfBBgWP5X6HRN7Mz9bt5R9zEx3g:6krZI8NuKRiJBBTWIx9zP
                                                                                                                                                                                                                      MD5:992AA05D8ABFFC669C94BD88A399D792
                                                                                                                                                                                                                      SHA1:916EF573E5D82591100DD06C6A6FA8C80A7418E8
                                                                                                                                                                                                                      SHA-256:D37E6A8F6B3882C3F601C80880E6A9721C42A175C29F553695B42C16774585B6
                                                                                                                                                                                                                      SHA-512:087F0A38A67246FADB517F54A0BEBFD11D7725D90960822137FAA82A3661FD18033C9761E70BB24D7551C84902D07721E2D10D1C8250BB51C53385136F78485D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....M..........."!..0.................. ........@.. ...............................5....`.................................M...N....@..................0)...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H........ ..x...................P ........................................"...;..%..;.......L.Q.^2~.m.o/6...."....8.jQ.>.fn..*....b...>.?+.J.[...p{.+.So...z..f...0..T....>V.Z.ug.9..4.....;\...)BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3................................"...........................W.a...............=.............Q.........R.......................9.....k.....m...................A.....

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.Serialization.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17192
                                                                                                                                                                                                                      Entropy (8bit):6.684282851066347
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:LkXP2tNCj8N8LWgMr4BHWGYA6VFHRN7GkELRPR9zjO0jQp:LkXutNCj8N8Po4BlFClxQ9zKhp
                                                                                                                                                                                                                      MD5:1B4D714283918CC3F29285ADCC30CAEE
                                                                                                                                                                                                                      SHA1:FE85DD75367C8AB9AA9CD6430C553A18237C1F8C
                                                                                                                                                                                                                      SHA-256:06CD0BD2011F05F72D0F413489443354D7946A33F6B78B1DFDC939A8F9080696
                                                                                                                                                                                                                      SHA-512:314EAA273347B7A28DEACB78E25D6495090E8DC5594C3CF443DE7D5EB748014B37EA19BA36543FCCC7FA6CCB1C259E33AAF662B05AF3F824B8717E67E555884E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0............../... ...@....... ...................................`.................................y/..O....@..................()...`..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H.......P ..............................................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................~...<.~.....S...........Z...a.;...{.;.........#.;.....;...0.;.....;.....;.....;.....;.................3.....3.....3...).3...1.3...9.3...A.3...I.3...Q.3...Y.3...a.3...i.3...q.3...y.3.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Runtime.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):43816
                                                                                                                                                                                                                      Entropy (8bit):5.851306072446327
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:2+1fsSED2vCeDQvRzXB3gWql6375IVxedktN7xPBhwsR/JG39QRoNvsh2JcfoDLu:KB/LuYdy50b4b7RSHTSkingzIh
                                                                                                                                                                                                                      MD5:DAC7D72763E59A64C0D706325B747D92
                                                                                                                                                                                                                      SHA1:5890F0EE30B86E01AB55D6017261554D16F6C916
                                                                                                                                                                                                                      SHA-256:9C506C9347F872C3375255F744DCF83B71A96FF71CBF4A19B39873FA22F73C22
                                                                                                                                                                                                                      SHA-512:4218CA96D6D2D4E24E3B6A70A87890A9035156D522D217F48999870F644548A7BC5C09B78B23DE41C5974C375F9D03ED49054A173B4230AE835FF808469CE50A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0..x.............. ........@.. ...............................y....`.....................................V.......X...............()..............T............................................ ............... ..H............text....w... ...x.................. ..`.rsrc...X............z..............@..@.reloc..............................@..B.......................H........ ...u..................P ........................................!..d.?..:9.S...J.!j.op<.\.M...=...hQ.Y.5.../...Un].......)<..E....H..Ltf.'..*......R.....b.~.. t!...]....?..F.4.RBSJB............v4.0.30319......`....2..#~...2..T@..#Strings....<s......#GUID...Ls......#Blob......................3................................{......#...........6..`..6....m6..(7....4.. .....%.....%....m#.....6...!.6..&..%.....%.....%..s..%.....%.....%.....%.....6..........

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.AccessControl.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):231696
                                                                                                                                                                                                                      Entropy (8bit):6.491225217557608
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:7XHFwjow9j0rKu8bmb3KD/L8V8/6Xe9QF+wVkjoxFwGzXGA/+PXuPXpP:hwjow9A4bmrA/mtFdWfuPh
                                                                                                                                                                                                                      MD5:AEC18CE525B03B3359FBC19E00D6FDED
                                                                                                                                                                                                                      SHA1:F69D5504D3A4107B43E743FB714B2EE8C340178A
                                                                                                                                                                                                                      SHA-256:DE77B6A860B6D1E9DBB6E260EF352AA9981A4A76C18A3BD144A6F8F041BBCF64
                                                                                                                                                                                                                      SHA-512:0D7BC1B94563186D36276E57FAB09D85F1269BBA230331077F61C8E96F53A0F97B99AFA6E6859C8A0F378C2B44979B2098C3841FF639B134041459C69FCE985D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....}............" .........@...............................................`......-.....`...@......@............... .......................................V..t....`...)...P..H...X ..p...............................................................H............text...S........................... ..`.data....$... ...0... ..............@....reloc..H....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Claims.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):100632
                                                                                                                                                                                                                      Entropy (8bit):5.968533454375661
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:mt2q/as3w2pm4X+bX5SdluDQu6O/UZxOQwQ7rzUU3q2bP64LrSjYFFQWEzwC:mMU3LpmG+bJS7uP+pXSsFKvT
                                                                                                                                                                                                                      MD5:31E935263D51F39C224E403BD5D7CC00
                                                                                                                                                                                                                      SHA1:8AF5EFBC150D8F944ADF84F89BFD9C11D00183E1
                                                                                                                                                                                                                      SHA-256:9AEDEB23632F45084722906CED314074FB14E08478545A221AB6476FEBBAFF0B
                                                                                                                                                                                                                      SHA-512:6B95226C760DE73C85A4A9ED972C1F51F14B50087BCCAC290A31813FF3F6F882F7B5C7EE21352F504ADCB7324214827D32BF9FE1DC34447520D97A7C12758D1A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...m............" .....0... ...............................................`............`...@......@............... ......................................x+.......`...)...P..8...H...p...............................................................H............text....#.......0.................. ..`.data...{....@.......@..............@....reloc..8....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Algorithms.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17680
                                                                                                                                                                                                                      Entropy (8bit):6.616772216364839
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:nXqqGWqkBWxYA6VFHRN71aEpcR9z0B7i7:XVFoFCl1aEpw9za6
                                                                                                                                                                                                                      MD5:3E2C2FBEF86A88B2BF2FD8B177FD6D0A
                                                                                                                                                                                                                      SHA1:3B2B791ADBF69F9A37597B80FBA9E9932E49A6BD
                                                                                                                                                                                                                      SHA-256:A28C5AD8CFC585C3D225B07AC28C359EACE65765EAA306FF44D7A6511262792D
                                                                                                                                                                                                                      SHA-512:6671151577CC961CE2C016543EE78C6197ED5BA9ACBAD855641AF5F661BB0BB4A5253E9E7BB5AE52253ED451F90818289826C242659ECCE405C25F1B0092C83D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....A..........." ..0.............V0... ...@....... ....................................`..................................0..O....@...................)...`..........T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................70......H.......P ..$...................t.......................................BSJB............v4.0.30319......l.......#~..t.......#Strings....|.......#US.........#GUID...........#Blob......................3................................>...........................?.....6.....j.....%.d.....d...U.M...k.d...:.d.....d.....d.....d...!.d...S.d.....H...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Cng.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16664
                                                                                                                                                                                                                      Entropy (8bit):6.725385029818809
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:GvVnAxNaH3xA+Dr+jWx2fWRFWxNzx95jmHnhWgN7agW3GByMyttuX01k9z3Al6td:mbHh7KjWx2fWoX6HRN7W2cSR9zi6tL5
                                                                                                                                                                                                                      MD5:B00B172EC15D23D3BED84FCFA40D59D2
                                                                                                                                                                                                                      SHA1:2B98143649573E5DF30EE989D46D1DE956BDFC4F
                                                                                                                                                                                                                      SHA-256:A589AC8A9E90BA4F3E96CEC8B360B894DAB5FBDEF0004EF428258A9DC28D309B
                                                                                                                                                                                                                      SHA-512:3822F4DC24FF40893470D15E05E4E54933D19350227CF07696231A8C7EAF955AC4B303C075FED0AE2AB6C25BF790F889178C06F340F2D22BFA342231EEE6E5F9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..........." ..0..............,... ...@....... ....................................`..................................,..O....@...................)...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ...................... +......................................BSJB............v4.0.30319......l...<...#~..........#Strings....0.......#US.4.......#GUID...D.......#Blob......................3......................................d.........J.!.....!.........A.......J...n.....,.........................................j.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Csp.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16152
                                                                                                                                                                                                                      Entropy (8bit):6.795290241765418
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:sSbUikV/AvcaTAFCA3xAiHIRWLgtWhW+WxNzx95jmHnhWgN7acWVxwVIX01k9z3G:RbUlhfIRWLgtWwFX6HRN7eR9zEOrc+E
                                                                                                                                                                                                                      MD5:E593AE76E4CFAC375120915947952FF6
                                                                                                                                                                                                                      SHA1:8015474D50021C65A65867636086E4A8A3A6F347
                                                                                                                                                                                                                      SHA-256:5DA38D4A9EB67C2EF23B416A505E0FDB2A22FD5FE45D241645B37B5B5F0BCCE8
                                                                                                                                                                                                                      SHA-512:43C7368A394B119839BAC8FC2B0F9213307C84F297CE480C0BFA3DF6300F3AA7B55E64E789D1EF619E88364387CB11D2228015D3A2CC8338596348D7B2772A0D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6J............" ..0..............+... ...@....... ..............................".....`.................................}+..O....@...................)...`......|*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID... .......#Blob......................3......................................................x.....3.n.........^.................I....._.................w.................G...................h.....h.....h...).h...1.h...9.h...A.h...I.h...Q.h...Y.h...a.h...i.h...q.h...y.h.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Encoding.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16160
                                                                                                                                                                                                                      Entropy (8bit):6.7458016577263
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:szoXpW5ZWWLhX6HRN7SmO/7R9zj2INRSX:szoXGDpWfOF9z6b
                                                                                                                                                                                                                      MD5:FA0C6A5EBA91D8A8B17232345900DD2D
                                                                                                                                                                                                                      SHA1:75AE67259791C5D4F580A9D2E0E7A892CB3B0902
                                                                                                                                                                                                                      SHA-256:AA82B36AF87D73B54AB0F0E5EFD9FDB16AAA6D3F385F238364ACD36E482999F6
                                                                                                                                                                                                                      SHA-512:8A76EF22006A7D4D3DF580CE00D310574251A91E942400E39637B57840EFE8386E51E27C92839E63038397CC900EFF43FEFD68A6E8820FF0C03CAB924F7DF812
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z............." ..0..............*... ...@....... ...............................w....`.................................s*..O....@.................. )...`......h)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...L...#~......<...#Strings............#US.........#GUID...........#Blob......................3................................................ ...........^.................D.d.....d...t.7.....d...Y.d.....d.....d.....d...@.d...r.d.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.OpenSsl.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15624
                                                                                                                                                                                                                      Entropy (8bit):6.84073937768766
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:sygdxAWK9WAm5ijRW8ZpWjA6Kr4PFHnhWgN7acWLmFGyttuX01k9z3Al6tLw737I:ca9WAm5ijRW8ZYA6VFHRN73SR9zi6tLr
                                                                                                                                                                                                                      MD5:09D34FE80AF19BF5B77BBEFCC01F6E6F
                                                                                                                                                                                                                      SHA1:0A4FC9635C6710682C6D7FE32F91DC28C29ED7BC
                                                                                                                                                                                                                      SHA-256:F644B4FA91D1BDC0596F390C99A123C206D0115FDD18CE778A23254066F46270
                                                                                                                                                                                                                      SHA-512:E8131DB3070617A09955EFC7D267B2687A6FCFB7BD061FE027B54721C461E4D7119A0E80DD346865D187BE548001064A900479E99922835D90EC1222659D3DEF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r..........." ..0..............)... ...@....... ...............................U....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..X.......#Strings.... .......#US.$.......#GUID...4.......#Blob......................3..................................................|.....|...E.i.........p.....+.Q.....Q...[.J...q.Q...@.Q.....Q.....Q.....Q...'.Q...Y.Q.................c.....c.....c...).c...1.c...9.c...A.c...I.c...Q.c...Y.c...a.c...i.c...q.c...y.c.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.Primitives.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16136
                                                                                                                                                                                                                      Entropy (8bit):6.783350992582665
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:IJ6y3F1cxAKh7jWI+3WepWjA6Kr4PFHnhWgN7acWWPVs8RwX01k9z3AzBhJ:pW7KLWI+3WeYA6VFHRN7Re9R9z6HJ
                                                                                                                                                                                                                      MD5:67BD5079FEA8657220315ED9B2DBAF97
                                                                                                                                                                                                                      SHA1:63F0A66127FEF3021E2B64B53758FF202C3318FD
                                                                                                                                                                                                                      SHA-256:13BC715968175667FEC2E02B13300F5DE2A867B754B79439D2633FF3F9240560
                                                                                                                                                                                                                      SHA-512:05B77B8A04F623F79E91D3381FFBABE7865089EFEFBEB29CDB016856C80D2CDEEB72473872D237B9A23F937CEE82021165BFF05E51065C4F8DE71B5B273A6EA7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{x..........." ..0.............z+... ...@....... ..............................9.....`.................................'+..O....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................[+......H.......P ..H....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................................4...........r.................X.............(.........m.......................T.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.ProtectedData.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):37656
                                                                                                                                                                                                                      Entropy (8bit):6.5556240105252215
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:2iw9pjvYwx7FVx7YvcT+ClqBN0WrRxw9zew:2iwLkAFXfllq0WrIzew
                                                                                                                                                                                                                      MD5:FDA921FB799406EB3F8F68B23A4690A4
                                                                                                                                                                                                                      SHA1:9BF2AB8EE33A83F88898AE1E29C9EE58B298A277
                                                                                                                                                                                                                      SHA-256:DF4611DE8DA1B0A9C643C94CDCE53FCBCFF3B6169AC6482DB917D47DD3BCA0C6
                                                                                                                                                                                                                      SHA-512:D142EF66DBAF43E5F0A20DAD448F0FA1F903B42318A0B310DB3B29B9DBD27FB62C6CBB635CA6D5ABE61CFBE3E5BB6186D28D8E11E8ECA12239A2ACAFF4944C90
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....x..........." ..0..^...........}... ........... ..............................yE....`..................................}..O.......(............j...)..........||..T............................................ ............... ..H............text....]... ...^.................. ..`.rsrc...(............`..............@..@.reloc...............h..............@..B.................}......H.......8'...N...........u..8....{........................................(......2.. ...._ ....`..s!...%.o"...*..0..........r...p..(#...-..*.*.~u...*....0..........(....,..*..(.....o$......&...*..............*....0...........(.......(%...-..,..*.*.(....,.rO..p......%...%...(&...*..('...*.(....,.rO..p......%...%...%...(&...*...((...*.(....,!rO..p......%...%...%...%...(&...*....()...*..,&(....,..rO..prO..p.(&...(*...*..(+...*.*.(....,.rO..p......%...%...(&...*...(,...*.(....,.r

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.X509Certificates.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17184
                                                                                                                                                                                                                      Entropy (8bit):6.739673851144617
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:kw7H2ocvxA4fjxWemfWkqWxNzx95jmHnhWgN7agWMVkCY00pyEuX01k9z3Aly+E2:DH2ocZpWemfWk5X6HRN7LVVEpcR9z0Bv
                                                                                                                                                                                                                      MD5:3CC8CAEBB57D05D1909F39A6D647B901
                                                                                                                                                                                                                      SHA1:29F8797E4DD7F5BCD863FFBB7888029BD363361B
                                                                                                                                                                                                                      SHA-256:5826E377C017BB5C872E173DB728BB38FF072D1E0FB26B8E19B9ECA088752918
                                                                                                                                                                                                                      SHA-512:927D96034350439D2DE069018158A2A9F2C9BDEA8520AA09B3232ABD2C2283B41EEBD2A661A46333D4F95339B5191FC72F6F192FE7C6C6C4428BAD5661CC76C7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K............." ..0............../... ...@....... ....................................`.................................s/..O....@..H............... )...`......X...T............................................ ............... ..H............text........ ...................... ..`.rsrc...H....@......................@..@.reloc.......`......................@..B................./......H.......P .......................-......................................BSJB............v4.0.30319......l.......#~......T...#Strings............#US.........#GUID...........#Blob......................3................................-.....r...............'...................X.....k.....k...........k.....k...i.k...&.k...C.k.....k.....k.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Cryptography.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2050328
                                                                                                                                                                                                                      Entropy (8bit):6.67414937170935
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:edeK2ZryEXV6VZMxfVRVgmJE2Jjd6ECxObm8w3b41R:edeFfxfxgeu41R
                                                                                                                                                                                                                      MD5:18921E60094E6EEB74476CA10F785368
                                                                                                                                                                                                                      SHA1:CA39FBBF0481B521F289C189892CD4BDC6D2D09C
                                                                                                                                                                                                                      SHA-256:028606C9C16ACDE6BC7874809E2417FE6FD7BA94D3DCFD04CFCE5A4C21F16FF4
                                                                                                                                                                                                                      SHA-512:0BC5B20C232E9F13EC372FA6BE23DE495D9EE0FDBB577C104EBCDA0EE349F9282A68B3C88997337EC2ABF0DAC01885143BC9188B3308CAC5C1263112CDF8495F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .....`................................................... ...........`...@......@............... ..........................................d.... ...)..........P...p...............................................................H............text....V.......`.................. ..`.data.......p.......p..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Permissions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):92536
                                                                                                                                                                                                                      Entropy (8bit):6.1674565969059065
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:MOL/mLfHu4bKQI8qWMbnFMRyWBLa+o6jcxbgbfW:efpKQI8LMjFMzBLa+o6jtK
                                                                                                                                                                                                                      MD5:3A92C18C24D85F60F23BECD852F1510A
                                                                                                                                                                                                                      SHA1:F8EED1FAD4218F32A1251FAC65D42DBED903FC77
                                                                                                                                                                                                                      SHA-256:74EF3B67960A9B569FED9AC457157769DBFE433B0F4FA13C52167C2246BFED71
                                                                                                                                                                                                                      SHA-512:BACDF908AD5A92577EB12EF3A7342B8D4DAC67C5D8FDEEEAE044677D0D35DB64CAF9878C1F1B96F30549849AF3351588AA5271C1C6D2B6003658554E553D4911
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..<...........[... ...`....... ....................................`..................................[..O....`...............F..x#..........8Z..T............................................ ............... ..H............text....;... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............D..............@..B................b[......H.......(J..0...........XU..`....Y........................................(....*..(....*2.(....s....z..*..*..*.s....z..*.0..1.......(....,..%-.&.*..(.....o ......&...,...o!...,..*.*....................(....,.r...p......%...%...("...*..(#...*.(....,.r...p......%...%...%...("...*...($...*.(....,!r...p......%...%...%...%...("...*....(%...*..,&(....,..r...pr...p.("...(&...*..('...*.*.(....,.r...p......%...%...("...*...((...*.(....,.r...p......%...%...%...("...*....()...*.(....,"r

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Principal.Windows.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):186640
                                                                                                                                                                                                                      Entropy (8bit):6.420537455369693
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:72kZDNC/sCTyRdtl63xJYrwkpDCRi1CSB2TOK1BguZbKXm:7U/sC6Ll67YrLpDCR4B2rPjxK2
                                                                                                                                                                                                                      MD5:7C560E02F8DFD723471F71CB71C0CCAA
                                                                                                                                                                                                                      SHA1:C1EA98009AEA6C3B12E078965CA3472E44EDA305
                                                                                                                                                                                                                      SHA-256:59815FEAB7B47ABF6E7D4231A7081452B256704A3834C6A927A9E74C03897B9F
                                                                                                                                                                                                                      SHA-512:32120BCF4D3E5C7A5AE676688FA8F0102C752E059C5EAF8987B37EAF3436C6892F9D1E7B3C531DB808E1E554316E24ABB0E3848705517833309954EBD537B037
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....`...@......................................................g.....`...@......@............... .......................................N...........)..........p...p...............................................................H............text....T.......`.................. ..`.data....&...p...0...p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.Principal.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15656
                                                                                                                                                                                                                      Entropy (8bit):6.8053996554852345
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:CB0LZxAyk4jWVUmfW2fpWjA6Kr4PFHnhWgN7aIW5agiZTOebR5X01k9z3AZZNFrg:zLD+uWimfWcYA6VFHRN7b9bt5R9zExr
                                                                                                                                                                                                                      MD5:C9285D5497F2850234F48A0CF5619C0F
                                                                                                                                                                                                                      SHA1:1B3AEAF0C40E401C1A2B4C19EAD12314B5782DDF
                                                                                                                                                                                                                      SHA-256:902D836B8CB066DC2279E4DE0979B5A380BDCCCCFA69634BA51111CAC2BE2F44
                                                                                                                                                                                                                      SHA-512:5EE72864A21C23B1AF540DAD95D67348837467A3CE19478B02223EE220441E40388B97C8E1110452F32EC2FB04BB63B649E49860153B5B1DF3F4D37D1C37866B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J. ..........." ..0.............j)... ...@....... ....................................`..................................)..O....@..................()...`......$(..T............................................ ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................K)......H.......P ..T....................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................=...x.=...3.*...].....^.................I....._.................w.................G...................$.....$.....$...).$...1.$...9.$...A.$...I.$...Q.$...Y.$...a.$...i.$...q.$...y.$.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.SecureString.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15664
                                                                                                                                                                                                                      Entropy (8bit):6.831153527632702
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:XMBPxo2xAjD/W1O3Ww81WxNzx95jmHnhWgN7aIWbTmAg7iDtagQ5X01k9z3ADqng:El6/W1O3WwpX6HRN7lriDtdQ5R9zaqcx
                                                                                                                                                                                                                      MD5:8CC719E1BA62CA6F7BAED90FDE41BF8A
                                                                                                                                                                                                                      SHA1:6F28D219D46E0A87658E0C46C5DABEFAE795F121
                                                                                                                                                                                                                      SHA-256:1AF90D82A617AFB3BCCFEEA39B6D18CFD3A7C93CC80C8B75DBFF0FD2E75E7BD8
                                                                                                                                                                                                                      SHA-512:E693831E7C4DE5BF2BF955A64D27B84F9ACABDC2BC6D7F150C582CE05E430C36BF48B22680E9A9831AE73A0615FD522576C22DD015CDE7D629413E200E5F138C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y6..........." ..0..............)... ...@....... ..............................QU....`..................................)..O....@..................0)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...$.......#Blob......................3............................................................3.Z.........^.......B.....B...n.;.....m.....m.....B...S.B.....B...w.B.....B...:.B...G.B.................T.....T.....T...).T...1.T...9.T...A.T...Q.T. .Y.T...a.T...i.T...q.T...y.T.....T.....T.......................#.....+.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Security.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):18712
                                                                                                                                                                                                                      Entropy (8bit):6.530599284978063
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:jIhDM3WsKDWYX6HRN71nRxB+R9zpj5g9Z:jIh4iPW1nRxw9z15sZ
                                                                                                                                                                                                                      MD5:0E43639AE0E98F9148C913477276A391
                                                                                                                                                                                                                      SHA1:507E7B61569746ED20B920BCAD7D5C803D1E7736
                                                                                                                                                                                                                      SHA-256:C0F486C4FC818613DFC50485F7201B5A59A79851C3CCAB2FD75EDAB2456C33C4
                                                                                                                                                                                                                      SHA-512:1340334B451CC8F81D4FF525F5EE47988E3339921A8891CB5B0026E32669FCC0363D560478C05A81A7AAE4C81CE018CBD0DD6510DE94DED13B0892CF0EB424D7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...OZ............" ..0..............4... ...@....... ..............................+y....`..................................3..O....@..X............ ...)...`.......2..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................3......H.......P ......................P2......................................BSJB............v4.0.30319......l...H...#~..........#Strings....h.......#US.l.......#GUID...|.......#Blob......................3................................O.....................0...........3.......x..... ..... ........... ..... ...r. ..... ...*. ..... ..... .................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceModel.Web.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17176
                                                                                                                                                                                                                      Entropy (8bit):6.64645995156569
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:y3nspYI7GWGlM5W6WqWxNzx95jmHnhWgN7acWUlM/wKUWX01k9z3A/ylK:ptGWyM5W/5X6HRN712R9zUoK
                                                                                                                                                                                                                      MD5:E6CEF184273D2FE35362FF4E5D866FF7
                                                                                                                                                                                                                      SHA1:F6A57545875E5B8E1C8C05C0040BE9EA78207E3E
                                                                                                                                                                                                                      SHA-256:3D08EB5338C0C588C1ABD53FE726BAE0607E0B50312F0079B678E3759FA1ABBF
                                                                                                                                                                                                                      SHA-512:83D7671DC0B7E99068C8F322B1A81B090B54379EBEE2F9D6FED4104A138BDA4202EB92394B003134B73B9A2317A6592AD304C1435C7EBE5DA1953B1761130477
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1..........." ..0.................. ...@....... ..............................i(....`.................................7...O....@...................)...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................k.......H.......P ..x....................,......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................&.....................?.................%.].....................&.................>.....[...................{...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceProcess.ServiceController.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):90376
                                                                                                                                                                                                                      Entropy (8bit):6.018416436217948
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:lgSTcNhffVHJWYMqX/SNdLWPFk+Z/7cGGFvTbUzw0N0DVikEp4zK:lgSUH22mai+Z/7cGoAw0N4VzXm
                                                                                                                                                                                                                      MD5:B79DA936AFFCE1000CB850BF8D06CD81
                                                                                                                                                                                                                      SHA1:89DB491EBB936406A9DAEC3D0E239B05A577A9BA
                                                                                                                                                                                                                      SHA-256:E238F591524D5410A6EA11020DAE4D8944509C8702DB8D2AB74DFBB3D1CEA140
                                                                                                                                                                                                                      SHA-512:767A6957C1F4061D14E82A9CD55E545777917A69976D49B3F1D044D0850D2555E534ABC78CCF4C624C7AE43AA4D8796DDC7587927A5466C474BA4486F12C0686
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.)..........." ..0..,...........J... ...`....... ....................................`..................................J..O....`.. ............8...)...........I..T............................................ ............... ..H............text....*... ...,.................. ..`.rsrc... ....`......................@..@.reloc...............6..............@..B.................J......H........Q..x...........p6.......I......................................6.~.....(/...*R.~.....(/.....(0...*z.(1...~.......(1....s2.....*.*2.{3...(....*..0..........r...p..(4...-..*.*.~u...*....0..........(....,..*..(.....o5......&...*..............'....0...........(.......(6...-..,..*.*.(....,.rO..p......%...%...(7...*..(8...*.(....,.rO..p......%...%...%...(7...*...(9...*.(....,!rO..p......%...%...%...%...(7...*....(:...*..,&(....,..rO..prO..p.(7...(;...*..(<...*.*.(....,.rO.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ServiceProcess.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16168
                                                                                                                                                                                                                      Entropy (8bit):6.754179132368782
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:9NNuGxAo1BpWnielpFWYilpWjA6Kr4PFHnhWgN7aIWjvkYHnsTX01k9z3A1WdS:NHHpWnielpFWpYA6VFHRN7BYMTR9zUS
                                                                                                                                                                                                                      MD5:E5C676801CA76BCBF074E99710503F02
                                                                                                                                                                                                                      SHA1:63C05E75C9862CFEE2B26FCA0BE3F1FB4C37E175
                                                                                                                                                                                                                      SHA-256:634A5D94940A58BC90AFC5DFC90839359B0A9B2F7E0D7F12CDDA3281DF96418F
                                                                                                                                                                                                                      SHA-512:4CFB1A78F5698345174BBA119D51E48BC85A8381D8174231A7A2DD65C0281E726E34260B5EA5D1AD71DF5580070D4B4017CA4D3D9CF0592CA25600EE58FFD328
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....`..........." ..0..............+... ...@....... ...............................&....`.................................?+..O....@..................()...`......T*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................s+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3......................................!.........f...........\.....:...........B.^...H.^.....;.....^.....^...+.^.....^.....^.....^...p.^.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.CodePages.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):862512
                                                                                                                                                                                                                      Entropy (8bit):7.457167201577773
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:pf7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPSYBKgTWeybo:pD9km6k/IwRYbiBeKGCBYTyhs
                                                                                                                                                                                                                      MD5:ECB1B379B3BCB01ACB12FAEEDFC5D01E
                                                                                                                                                                                                                      SHA1:69BBEA3B222FF7566FA746572022F77F81122AF7
                                                                                                                                                                                                                      SHA-256:85F3296C927E27E28461F6325A05504C0AEA8B93CA79691542E2A9E9AF92D3C9
                                                                                                                                                                                                                      SHA-512:CC3E2AF695AF5AF4CCFDD981B15175A2525EAEBEB9BCB87C094E23FB156C7A50651B6600961741A0CCB1F7ACF2D38394F5395A846736371CAA6A1FD21FB1643F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...3l............" .........@......................................................g.....`...@......@............... .......................................B..p.......0)......<...8...p...............................................................H............text............................... ..`.data...`!.......0..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.Extensions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16160
                                                                                                                                                                                                                      Entropy (8bit):6.7352349940283025
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:h7mXhp/SxgZW6sJWDWWxNzx95jmHnhWgN7agWP3zzccADB6ZX01k9z3AqRrimR:h6xiUW6sJWDdX6HRN7azzccTR9zlRrT
                                                                                                                                                                                                                      MD5:7B3BDED48604BACF38173A19CB38F269
                                                                                                                                                                                                                      SHA1:9D15D2AD99F7437C9AE1775898C739712F8E5F93
                                                                                                                                                                                                                      SHA-256:A875D0785CAE18EE30DB531303C166BA1A1D30C0CA4AB8EDD38FE04056F91EAA
                                                                                                                                                                                                                      SHA-512:A34CAD7DC195B6C5B8A5C89E3A93083B1D401B5F772807524CEDE69210B04BF8FE746D9925C2FDB18B8D0F7636CFDFE48CF26FB0095500739CDC48E141BF344A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0.............^*... ........@.. ....................................`..................................*..X....@.................. )...`.......)..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@*......H........ ..0...................P .......................................:...f.r....j..:..........u.z..n...7..&.....:..75o.=n..j~~.Qe..S..H....B.u.:..S.......Jw..........."U.I".$.1.........J/D.\BSJB............v4.0.30319......`.......#~..`... ...#Strings............#GUID...........#Blob......................3......................................O........."...........;...........f.!...!.z.....z.....s.........;.......z...[.z.....z.....z.....z...B.z...O.z...v.............

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encoding.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16152
                                                                                                                                                                                                                      Entropy (8bit):6.725439980411438
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:vzLJxAKpjWfgNWeWQWxNzx95jmHnhWgN7acWGPh3PMx6RMySX01k9z3AcyxaNIP:jJWfgNWzPX6HRN7PP9LMR9zPyyw
                                                                                                                                                                                                                      MD5:A16009A8EEBE01B264F1BD291D51DAFA
                                                                                                                                                                                                                      SHA1:7B4646DF65B243BBF2134594B08082F7CFE8F4A1
                                                                                                                                                                                                                      SHA-256:5F1FAA88187672DC240B18D4199BB8040BBE8F3F7EEC939DEC5ABB1407137D22
                                                                                                                                                                                                                      SHA-512:8EE0BDDA4F5BCDEB139C0D225E10385DA131808E7279EBBF2ED81CED81797A4E9118FCBCBAE46C07545D0B9D5C0527B81FE63E8543FDDC55125560518E676B9F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ql............" ..0..............*... ...@....... ....................................`.................................a*..O....@...................)...`......x)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...T...#~......T...#Strings............#US.........#GUID...(.......#Blob......................3......................................M...............x.....3.....7.....^.......m.....m...I.f..._.m.....m.....m...w.m.....m.....m...G.m.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):133416
                                                                                                                                                                                                                      Entropy (8bit):6.122557067980221
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:2bTDQlE37ykm3E5T+zpq5D3lhjdPTp8K76+d05HzdyRNX3Mpm4+SqUTiSc9zt:2bTDQlZx3E16qvZ5N77uLINnMkSqUT4R
                                                                                                                                                                                                                      MD5:3AD11258AF678B2C75F0010EF78BC7EF
                                                                                                                                                                                                                      SHA1:68B5984401243F1071D73EB0E3F021E043A17EB1
                                                                                                                                                                                                                      SHA-256:CF456FA426BEF36E8ED5D71A3FAE3EFAD06F5425A53BDEEF427124DA42409D09
                                                                                                                                                                                                                      SHA-512:A2D904B99F4935648C7471569DD4FF81BD89A9AC1BB7931390BD3872E691B3B58BCEDB48961E2AAA3AA8C04227887D2A1CBAD6B41C416AFDDFD002044C3104C6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....v@..........." ......... ............................................................`...@......@............... .......................................-..X.......()..........(...p...............................................................H............text.............................. ..`.data...}...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.Json.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1501464
                                                                                                                                                                                                                      Entropy (8bit):6.712609643579495
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:8tH4NwClgTsJL6Tb/DrtY5uR5K91CSVcgtl3yM8cVUgHTHLP4:OHlTs4rDrtj5o1N8ca
                                                                                                                                                                                                                      MD5:07C161588790210444DC12F77D7CE1A9
                                                                                                                                                                                                                      SHA1:0F2E4407C0A4F25759A94488646B626DEA7D8785
                                                                                                                                                                                                                      SHA-256:93B1E1E677045AF7AAF17A9BFA9EA81D944E0918A94EB3492B78B22948550D47
                                                                                                                                                                                                                      SHA-512:7AF614FEC989F5AF4C5A8B6787109CEBB98DB23783C4CBBCA22847DB8A84C515FDD87978CE96DD42D2D1B48E2F27BFAEEC8456C422923C6DDF35FDA3F4C574C4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....w............" .....0..........................................................Y.....`...@......@............... ..................................................)...........R..p...............................................................H............text...F........0.................. ..`.data....R...@...`...@..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Text.RegularExpressions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1022264
                                                                                                                                                                                                                      Entropy (8bit):6.8216381706865095
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:zx/dsuQ+B/b44HO2inDiv67tAEehjqnQf8:dQEb44HKivIehjyn
                                                                                                                                                                                                                      MD5:D02946E47FC19B1C831A811808342B75
                                                                                                                                                                                                                      SHA1:55739760E02BAFDA656149D052EEF444E68FDD90
                                                                                                                                                                                                                      SHA-256:0FECFAC9BDD40C258F720FAC301E3722EA9FC245119E43DD30D181A9B1072DBF
                                                                                                                                                                                                                      SHA-512:74FBB915D948C26F91D6295539A119C9E2B5B0C9877CAAECD0AD02F06EEA26B85AA2BF05CFF12A00098508859CC039A21D3D8AD10E04E1A969D280CCE2323290
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....U..........." .........P...............................................p......cj....`...@......@............... ...........................................G...p..8)...P......p...p...............................................................H............text............................... ..`.data....)... ...0... ..............@....reloc.......P... ...P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Channels.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):133408
                                                                                                                                                                                                                      Entropy (8bit):6.278452778470254
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:1T3t+/kXS+F3g2vlsEjd+fzs6Fls5JQzWoioIR3cBPdzyWBTzAp:1T3tYkCQQQmEjd+ZFl26zri9r2TUp
                                                                                                                                                                                                                      MD5:03A17E0F4DA9EB9C6EBB6E10CA241757
                                                                                                                                                                                                                      SHA1:612D03F4162282670D7276836B319F201DFACBD3
                                                                                                                                                                                                                      SHA-256:985DF4C7AC42C3447490BEC7653F111E137A88AC633BDAB6D0FDFAD23CB22095
                                                                                                                                                                                                                      SHA-512:39C1E597B35524E881902DC6F8946466EBAEFF404433A813DF7221DB316D3E1886A274065CF127740B31AD370F76D7C66B1FE7B965AD50482A0D624365922912
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...|.$..........." .........@......................................................_.....`...@......@............... ......................................L7.......... )..............p...............................................................H............text.............................. ..`.data....#.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Overlapped.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16144
                                                                                                                                                                                                                      Entropy (8bit):6.739782129844139
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:ZHYCHLcH4H8HUWcuHWIYA6VFHRN7G/7R9zj2IUH+:LWTFClGF9z6S
                                                                                                                                                                                                                      MD5:B27644E15572E13CAB812C2031D76610
                                                                                                                                                                                                                      SHA1:CD2D27ECBB2E4D703CF2C253C6575CE1B53F3F24
                                                                                                                                                                                                                      SHA-256:00EE20495CD0531670CC761FF6B29A0230CF7C8FE607FCAD79567C5D1D01FF57
                                                                                                                                                                                                                      SHA-512:EFE0493109B04FAF580A745EC7FB120F0688C2E374F9447D06BFA742F2257E69E0E1544C3393AAE4EDB13B986396F20E90C2B32F480A75753FB8BC8E8500C8BD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~............"!..0..............*... ........@.. ...................................`.................................;*..P....@...................)...`......@)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ..p...................P ......................................k...O..`.:b.v.$.]..],vO.#0.l...B^.....]C....%].%.../...H......._...f.9{...qFid..,>l.....S\.8..cQ.n....xV$....{.]..6.s.\. sj...BSJB............v4.0.30319......`.......#~..p...H...#Strings............#GUID...........#Blob......................3......................................................4...........7.......c...{.....V.............c...t.....}.................9.....................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Dataflow.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):489736
                                                                                                                                                                                                                      Entropy (8bit):6.715658217779917
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:x//X6hS+34BkQb8tA7nPgNKMpFI6bB5v30xhZWX9gL+i:xr+I0urMvR5vExhoX9gL+i
                                                                                                                                                                                                                      MD5:3356784EF4FE8C2678C85D417848A48E
                                                                                                                                                                                                                      SHA1:89E60DFB18514CA65A9606B93B7D2BA7B4BCA5FF
                                                                                                                                                                                                                      SHA-256:FB97F3ACD266AE1F0D25BD4CB77818AE1D154FEA3B46F2C1A3ED1EDB842F46C9
                                                                                                                                                                                                                      SHA-512:1C3AD7582BD3F5B77019D931EFEBBB3E79960AEF51D9624E00E183783E6F55CA2CA5BD09CF49B924C1970E10A92261230A14420D85694E04EC46F9A7DFE2107F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]y............" .........................................................P.......i....`...@......@............... ..................................l......,1...P...)...@......h"..p...........................................................p...H............text...2|.......................... ..`.data...M...........................@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Extensions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16168
                                                                                                                                                                                                                      Entropy (8bit):6.769727575357376
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:SCVm05B091ncmJQ8fxGWSOXW5YA6VFHRN7l9WoJR9zgy:1VpM6urmFCl/R9zH
                                                                                                                                                                                                                      MD5:740A782D6B359CF77C9E7A1ADAB24F77
                                                                                                                                                                                                                      SHA1:8695E898EDFF87BA40B0D9A9C8CDB901A0C3C195
                                                                                                                                                                                                                      SHA-256:B1DC1408C74380CB9F02D9B9BB3B550770B98E27D377E60F216C4B14D602356A
                                                                                                                                                                                                                      SHA-512:31759B0AFE7EE71BE2DBC56C7273B9B125B9AC298B644ECCC60AAC7BFA1436BC72508C65D95353DCF944A49434BCE02C88D43B2A1E4253666C7F80FE741689EB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............V+... ...@....... ....................................`..................................+..O....@..................()...`.......*..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................7+......H.......P ..0....................)......................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................s...............1...........A.......O.................................W...........1...................p...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.Parallel.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):133424
                                                                                                                                                                                                                      Entropy (8bit):6.345631677255552
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:hgookDn4z7gSCyhdrhYnS+5atmkg9nE3rVo9kQXL:xTEw3yhVh/h3rVoOQb
                                                                                                                                                                                                                      MD5:E4248B0D435DD54DE832467B13489FAB
                                                                                                                                                                                                                      SHA1:32F6B603442302F627BC5DABFCDB5AAAAD44281F
                                                                                                                                                                                                                      SHA-256:43D450BB7B0D440ED0D7F9A933E68E69CC0E2591B5B4D6B81C682EB7DCE85548
                                                                                                                                                                                                                      SHA-512:27A095A634F88193DA5B3507363B753B1008674789EA50C66E582CED633D48D6EC1042FE7BECDF65085E29F5BE979E9EF5BB7AA930E14DB21BD4C903AA94C575
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....#E..........." .........@............................................................`...@......@............... ......................................<4..........0)..........H...p...............................................................H............text............................... ..`.data....$.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Tasks.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17176
                                                                                                                                                                                                                      Entropy (8bit):6.623536186140361
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:laf4fk3CBFoq19k9WHazWbIX6HRN7NejA2IR9zJNml:laf4BLonjWNgU9z76
                                                                                                                                                                                                                      MD5:4B0EBBC7AB26C4FA2712DC1D7A9A430E
                                                                                                                                                                                                                      SHA1:7E4872B4C2DA8CD8C39421EECCFEDB644F7F5882
                                                                                                                                                                                                                      SHA-256:71F1B7847ED8C9DF6DB99ED7B756E4B846FEC646D8A8033C16A3945378AFC964
                                                                                                                                                                                                                      SHA-512:339EEC43B703566A3094718FF28066E2A6011C3DCBAABCB3C7079CBF466D88F91702FB6BD8342DF08046854B6AC0B37A756A4AE7AEF20FD9A2C5D63477B73674
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ...@....... ....................................`..................................-..O....@...................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P ......................@,......................................BSJB............v4.0.30319......l.......#~......H...#Strings....X.......#US.\.......#GUID...l.......#Blob......................3................................&.................o...w.o...2.\.........].................H.....^.....-...........v.................F...................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V...y.V.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Thread.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16184
                                                                                                                                                                                                                      Entropy (8bit):6.77418439872863
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:u4z2EI0W8tWcC7WGkX6HRN7cN8KER9zlZ:uOQvEWcN8R9zf
                                                                                                                                                                                                                      MD5:00FE534A33B1F18DD900DF89E17F73DE
                                                                                                                                                                                                                      SHA1:0792678A143E8ABDD57837D4B67D187B74570835
                                                                                                                                                                                                                      SHA-256:ECBE1CDE0DE93B08489005DE9B2BA627725DC55646735DCF0F027E0E1FCE6F6C
                                                                                                                                                                                                                      SHA-512:5AD071C4574453FE242344696DB8D132386CB05398C241F003C5643CC843C354288BB2C9A91BB6E0B8DB3E126B747C34BFBD01B51255C82DC6C237B86686E73A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0.............^+... ........@.. ....................................`..................................+..P....@..................8)...`.......*..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@+......H........ ..H...................P ......................................."r_....e6...@i..$...{.A;...;a.s7......i..>...b.Hg.u[..........4..$^..w..N......^...L>+..........%..&9y.;.. .T.9.........[BSJB............v4.0.30319......`...|...#~..........#Strings............#GUID...........#Blob......................3......................................].........U.@.....@...n.....`...........T.............y...0.!...9.!.................................u.............@...........

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.ThreadPool.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16152
                                                                                                                                                                                                                      Entropy (8bit):6.729725204835813
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:12ctmTqd92QxcNauUWEmvWGWYWxNzx95jmHnhWgN7acW9vVKDUX01k9z3AyCW6Ey:RtX92OcYuUWEmvW73X6HRN7g9pR9zldK
                                                                                                                                                                                                                      MD5:C5F1D1ECF20663D3C1BC58887FB02131
                                                                                                                                                                                                                      SHA1:FF1860873F1CC59E9EE1E95992CDF6BA3B8E30DB
                                                                                                                                                                                                                      SHA-256:5913E28B4B0E1D9A722C378557FE4AF7DB39E8A5E916ACEF6EAEC9A78F5B4A35
                                                                                                                                                                                                                      SHA-512:0B000EFC667A85D36793D01456886BEB56BB96D8AE89DE84E5D49B488092AFA272578733DAC2CB147F87E94A60F17DB8E0FD2EA72E868F331A9F07CEB44A85E2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............."!..0.............N*... ........@.. ....................................`..................................)..T....@...................)...`.......(..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0*......H........ ..,...................P ........................................D2.m...)..4...Ya.....B...z...T5.{...g.cH!..........H.K......{...J..K~c*..D..4*h,K[..b...Efd&.y...S..&T..E6[..._.a..O[LBSJB............v4.0.30319......`.......#~..`... ...#Strings............#GUID...........#Blob......................3......................................P.........7...........P...........{.....6...................................p.......................W.....d...................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.Timer.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15672
                                                                                                                                                                                                                      Entropy (8bit):6.780056232573692
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:aeF6QoqNSEMWs1CWEX6HRN7vuc9WR9zBBGj:aUov4WvA9zbK
                                                                                                                                                                                                                      MD5:0A7251814B8BED94B4446C313D1BD7DD
                                                                                                                                                                                                                      SHA1:4BFE5154B22D587A69B1F8BB02A745A7CC0F6AFA
                                                                                                                                                                                                                      SHA-256:4A3352E5C4886501A6953E4C6448E389EA21C098A21638ED188A55C5A0C0E987
                                                                                                                                                                                                                      SHA-512:22E06FAB674F06A141C1631C483B885EBB8EC48A96C164ED69985E675CC3FEFD71E5BAAC6D29008379CD0B1C6D16928917C2BB1D58A016294C6580DBF93415A9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R............." ..0.............&)... ...@....... ..............................%Q....`..................................(..O....@..................8)...`.......'..T............................................ ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................d'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....|.......#US.........#GUID...........#Blob......................3..................................................3...x.3...3. ...S.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Threading.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):84280
                                                                                                                                                                                                                      Entropy (8bit):5.968460814469461
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:AWgoICPLdImrmODZcUBeZ8j0GEH9wd633GRm3LGgLWz9zu:AWgo9PL6FtZ8j0GEH9wd6GR4GgLaS
                                                                                                                                                                                                                      MD5:932A0C2978B649703C40B260B1955D26
                                                                                                                                                                                                                      SHA1:E9A4C055BC14B3A2DB5BC5D0CF838E79838CE8E0
                                                                                                                                                                                                                      SHA-256:15CC9DB291B87042F1AB4319F8D04F4CD226F15BF88BF0810B31DCD50FB0BB7E
                                                                                                                                                                                                                      SHA-512:51D6D767425FA1AFA0ACD5A149B99D4C62BAB174ECD7485211E9B9635EB876319E8AD2A96D9A7CEF26BEB855DA3661B26912F05014F6DC22CFFE33306D9988E4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......... ............................................... ............`...@......@............... ..................................d....'....... ..8)......T...h...p...........................................................h...H............text............................... ..`.data...............................@....reloc..T...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Transactions.Local.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):661792
                                                                                                                                                                                                                      Entropy (8bit):6.67434786359905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:W/JxQHxtiM28JQUegnzVx3C9jB25sx91G0:W/r7wrzqg5L0
                                                                                                                                                                                                                      MD5:1944601E5186DB41729C8096C8A08BF6
                                                                                                                                                                                                                      SHA1:DD637874B36356698C54DB5DB565580C2183627E
                                                                                                                                                                                                                      SHA-256:981215F0EE08D156867FAAFAA17F9D97D409BE691BAB0BD330D5BAB864FA04F3
                                                                                                                                                                                                                      SHA-512:185C2B7994AD40F31FEFA4DAB46167477D0371850D2B7C62D87DEE8C4F746AC6C6D55CC6BFD85A1294BEC0273E88233D94A9096DDFD791C0A9FA45B938A6D610
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.../5]..........." .....@................................................................`...@......@............... ......................................h...hI...... )...........4..p...............................................................H............text....5.......@.................. ..`.data.......P.......P..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Transactions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16656
                                                                                                                                                                                                                      Entropy (8bit):6.711937162453506
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:rw3RC0uWzliWkYA6VFHRN7P4EpcR9z0BHky+:03RC0xoFClP4Epw9zaHkb
                                                                                                                                                                                                                      MD5:18BA1339DDC5D2FA9B78F7AC1C18624E
                                                                                                                                                                                                                      SHA1:FEA42F32DF780D9E9B180B149BC051DCC4C2CECA
                                                                                                                                                                                                                      SHA-256:033AD774B53A4CFF5AE9AD00AD51FB44FB7E34CCE86BB88E077046BBDE82094E
                                                                                                                                                                                                                      SHA-512:692E2FB1E69480A1D3264ED6666A2F0CAB1E05CDD6EE85DAFD58BF495443094DCC5D94864A2ACA6E7525129DB4F1442C3B80B52FF2C129E06C86DE6330A10605
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............-... ...@....... ..............................k.....`..................................-..O....@..x................)...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................-......H.......P ......................@,......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................$.....3.........0...........D...........o.....*.1.....1.....K.....1...i.1.....1.....1.....1...P.1...X.1.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........C.....L.....k...#.t...+.....+.....3.....;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.ValueTuple.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15648
                                                                                                                                                                                                                      Entropy (8bit):6.81235116499574
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:56yhm7Qv3Wt7VWhWqcWxNzx95jmHnhWgN7agWaNVAv+cQ0GX01k9z3Aspnkf5l:8yh93WtpGWqjX6HRN7PNbZR9zBdkfP
                                                                                                                                                                                                                      MD5:FA3ADB76CA6EB3A67A5E4B6B24338726
                                                                                                                                                                                                                      SHA1:57EA6862DB7DE23B47C34A804C0F1C10E3BC19A2
                                                                                                                                                                                                                      SHA-256:4B3C5F41F52F16E2F4EC27BE12610A8437DE61F2B4CE53E383521A74D7937F44
                                                                                                                                                                                                                      SHA-512:906624CE50242A01B84603D8100AC37C73B55821D111EB56186EB2CB41BC27945FD69DCD140DEC88FAD42C5A62E5504F72E78B0C21BFC7DF39CD3C7290D84E6A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i..........." ..0..............)... ...@....... ...............................2....`..................................)..O....@..h............... )...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................D(......................................BSJB............v4.0.30319......l...,...#~..........#Strings....d.......#US.h.......#GUID...x...|...#Blob......................3......................................E.......................z...........+.....b...Q.b.....[.....b.....b...4.b.....b.....b.....b.....b.....i...........t.....t.....t...).t...1.t...9.t...A.t...I.t...Q.t...Y.t...a.t...i.t...q.t...y.t.......................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Web.HttpUtility.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):59704
                                                                                                                                                                                                                      Entropy (8bit):5.885165737065941
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:FERA91+CQcmHLnDWrdg7JvYJ2QWMVkDOBM7dWs3zXfXSXE2/2dAWCio9zL6:FSA/ScknDa2tYmwkDmmwWzvC32yWrgze
                                                                                                                                                                                                                      MD5:CFE673CE2D26EEF64ABEB7B7696177FF
                                                                                                                                                                                                                      SHA1:96321BE02E912B7813C8A3743CC15528A0DE0BA6
                                                                                                                                                                                                                      SHA-256:F1A590E321D86848C924055DAADAD7E4B086F199034F133DCE1B034E5AD53131
                                                                                                                                                                                                                      SHA-512:D70A9D8FAD2AD71774E2CA82D311E71A9B80BE9F1907E38A79529B142FE462BE393E1F39C7114FE674CD703C57001F4B42A27445C8ACA047074DA15A85E34F96
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......... ............................................................`...@......@............... ......................................D ..........8)..........P...p...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Web.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15624
                                                                                                                                                                                                                      Entropy (8bit):6.7523247989432935
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:iZL6h2FWVvo9W8YA6VFHRN752Y2MR9zPy0:iZWhAdFCl52Q9zK0
                                                                                                                                                                                                                      MD5:0031FC0CF7730A0D2A235083C7BE48D4
                                                                                                                                                                                                                      SHA1:FC6B6BD1AE65FEF8DCAFE4FEF263F36270ADED3B
                                                                                                                                                                                                                      SHA-256:9351D54C7407694F2ABB14DE7770A85CDE97AB0E603B9B54800DD78D4D10E59A
                                                                                                                                                                                                                      SHA-512:C25AAC8EE4FC10A8E53772C5FE9804C63E116EF4A2129EDFCC0D798417F96118FC7ED510656C6507132CBE9500676EC05D0A5F6A77B76CCE068BEC7087344FA7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....=..........." ..0..............(... ...@....... ..............................7*....`..................................(..O....@..8................)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................H'......................................BSJB............v4.0.30319......l.......#~.. ...D...#Strings....d.......#US.h.......#GUID...x.......#Blob......................3............................................................>...........i.....$...........T.....j.....9....................... .....R...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Windows.Extensions.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):56184
                                                                                                                                                                                                                      Entropy (8bit):6.176478053101136
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:H/+4IBAKUcb+KRcuVLJq9rweB2mnzkVJorcwwMevekaHhXn80GT0g8T:m7ouR80eELVCwxmkaBXhGYxT
                                                                                                                                                                                                                      MD5:F672A537A363A4EEA79A48CF34FA5808
                                                                                                                                                                                                                      SHA1:B9101BA7E62B0116AC5A7D4064D91F684E25F233
                                                                                                                                                                                                                      SHA-256:B0B15EE123D24A220DC3446C96A6273E2FDADE71D1F352BF06217BDE57778B24
                                                                                                                                                                                                                      SHA-512:4ED8FB355723824C6E608B38D397C215142D508C80E5000DF854200DE8F89B44EB4AFE5829EA40F7706A6149527DBD8C748FF3AF9172D9A20B24958DD94E6484
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N............" ..0.................. ........... ....................... ......nL....`.....................................O.......................x#..............T............................................ ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........T...n..........$...(...L.........................................*..0..1.......(....,..%-.&.*..(.....o.......&...,...o....,..*.*....................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...( ...*.(....,!r...p......%...%...%...%...(....*....(!...*..,&(....,..r...pr...p.(....("...*..(#...*.*.(....,.r...p......%...%...(....*...($...*.(....,.r...p......%...%...%...(....*....(%...*.(....,"r...p......%...%...%...%....(....*......(&...

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Windows.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16136
                                                                                                                                                                                                                      Entropy (8bit):6.713032229773769
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:oaHtXz5UAWElSWNYA6VFHRN75FwB2IR9zJZpA7:7xNUo5FCl3wwU9zW7
                                                                                                                                                                                                                      MD5:CF29C8C0F79AB74BB29D01A8CD114146
                                                                                                                                                                                                                      SHA1:DFFFCA8A3FB3CA3DEFD6F74DEE30D0A2C3824A70
                                                                                                                                                                                                                      SHA-256:60E61212B4413692C26885707CF656A94D9676FF416C009FECA45C13B45271AE
                                                                                                                                                                                                                      SHA-512:FE22D7A38752FF490568F9041C8FC063EAF2828B9D136446BA2F183B6433CCD1D184A4B1355B13ABF2CDE428025EE0C36D42ACBB2006539A9EFF31A166432DB7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............*... ...@....... ..............................X.....`.................................Q*..O....@..X................)...`......t)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID...(...|...#Blob......................3......................................X.........U.............................y.....7.......k.................................u............. ...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.Linq.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16152
                                                                                                                                                                                                                      Entropy (8bit):6.701189252773519
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:vc17FduW1H4W1W2yWxNzx95jmHnhWgN7acWPwy8RwX01k9z3AzBhxH9cHYNm:uWW1H4WUmX6HRN7YV9R9z6Hxu4Y
                                                                                                                                                                                                                      MD5:30E9D9AC1BBC20DF3488FA252015553E
                                                                                                                                                                                                                      SHA1:FB9419C4C85DBD5A3E2A9419AD34B4635C6CB544
                                                                                                                                                                                                                      SHA-256:79D0149A24692E7C6B2EEB854CFBF3400702ED3D6640AA471ECE856B59E269E8
                                                                                                                                                                                                                      SHA-512:22BAE9984027A91DD7AAA53E05B387C20315153C30954E6770538D85C0990C2622BD16E42CF7C70DD88BC01975A886B99D8AFFBF859C2C339ED3A18D6BCDE5EA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\............" ..0.............B+... ...@....... ....................................`..................................*..O....@..X................)...`.......*..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B................#+......H.......P ..@....................)......................................BSJB............v4.0.30319......l...$...#~..........#Strings....@.......#US.D.......#GUID...T.......#Blob......................3................................................L.............................p.@.....@.....,.....@.....@.....@.....@.....@...l.@.....@.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.ReaderWriter.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22328
                                                                                                                                                                                                                      Entropy (8bit):6.376492073803144
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Z1G5qkxK67ex4FC1sW1/AWZjX6HRN7Nx9WR9zBwrw:v6LWnrWw9zT
                                                                                                                                                                                                                      MD5:21D8FDE33639C09BE8AD7EA2CE430C39
                                                                                                                                                                                                                      SHA1:EB5DFA19839787F0CD7C0F8008AAFDAD62E33182
                                                                                                                                                                                                                      SHA-256:0EBF6E07AC4C055F6EAC71D86CB01C43FA3DF6954828FAEC2E9A491D28305CB1
                                                                                                                                                                                                                      SHA-512:28545864610BD19F44A5D06671453CAB62A33BA92E786C5B2A2F089ADA33FE6E947F6D6223195AFA5016F7A5EC506B33A84CC3EBCE4421CA8240C459AA03CAE7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..$...........B... ........@.. ..............................AM....`.................................wB..T....`..................8)...........A..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H........ ... ..................P .......................................w.y.9e.)....w..N....5...V.IT......j..~...(.."......7..o.....M{f...jV.".l.+%J.....x._.....,...d..~C..u..c..A...E...!.fmBSJB............v4.0.30319......`...|...#~......8...#Strings............#GUID...$.......#Blob......................3............................................................G..... .......b...-.....f.......i.......................................[...............................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.Serialization.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16680
                                                                                                                                                                                                                      Entropy (8bit):6.632838369230027
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:ZIhLW7MIEqHWJYA6VFHRN7cNviCksR9zcm:ZIhkbEqSFClWio9z3
                                                                                                                                                                                                                      MD5:14A3984EA8B856B26EF616F614D5350C
                                                                                                                                                                                                                      SHA1:CDD8701E19708B6916F3336BCA9B5D60777EB41D
                                                                                                                                                                                                                      SHA-256:C9C61183DF3FB4E23A0D98D3A1464352D84BBF80DBF05B5F2DFD5FB8186CA4E1
                                                                                                                                                                                                                      SHA-512:B99B727D1D0FCF453F6F1631C46D817A828B02A8E3D231A772E18433BA0133D0EED747C5E6563A9FC7CDBB75183C986F10DAA639AC8DF230DAE68AEA1A09A214
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6"..........." ..0.............R,... ...@....... ....................................`..................................+..O....@..................()...`.......+..T............................................ ............... ..H............text...X.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................1,......H.......P ..<....................*......................................BSJB............v4.0.30319......l...4...#~..........#Strings....4.......#US.8.......#GUID...H.......#Blob......................3......................................".....................X.................*._....._...B.?....._...'._...Y._....._...3._....._...l._.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XDocument.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16136
                                                                                                                                                                                                                      Entropy (8bit):6.774367058875485
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:kZKFW/QdWHYA6VFHRN7Z9ZL2IR9zJHJUO:XB6FClZ9ZaU9zbB
                                                                                                                                                                                                                      MD5:BE12DF6ED82876BE80A492350334C32D
                                                                                                                                                                                                                      SHA1:929B139819B4AA89B251B0F7C79C84BB27255180
                                                                                                                                                                                                                      SHA-256:5BF16937086393770381C25842CB35011942F78D0C9EA7DCDAF0161429288B8A
                                                                                                                                                                                                                      SHA-512:CB4D30DD1EC8A1A5549BF06120C36275050714D4AC1049838A450D5345491E96C17EB18FD351280BA3808CED1D51C7F89EA7653091490C06AE98B7313CCC9C9F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q..........."!..0..............+... ........@.. ..............................Z.....`.................................q+..Z....@...................)...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................`....Uk..O..8.....P.g.:.....PJ.+F.".C.{.....c.^.6....ejIs9..Lc5]...-#..8...I..b..yC`.......us_.V....~...c.^^...5....&Ssc....BSJB............v4.0.30319......`.......#~..d.......#Strings............#GUID...$.......#Blob......................3................................................L.............................p.L.....L.....8.....L.....L.....L.....L.....L...l.L.....L.............................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XPath.XDocument.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):30984
                                                                                                                                                                                                                      Entropy (8bit):4.288581469269511
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:SW0heWs6bkmv7dYA6VFHRN7bUD2IR9zJO2:Ss6gmZFClbDU9zp
                                                                                                                                                                                                                      MD5:63AF3D0B5B3681BA5BB2586E41014548
                                                                                                                                                                                                                      SHA1:0E7A369FD101B66A96577FFB16FB188BDE100496
                                                                                                                                                                                                                      SHA-256:865C8934588F79ACB1BF69D0D406198ECCAC4751BFABCC0F6BB4E6712459090E
                                                                                                                                                                                                                      SHA-512:F82C6C4011F8B8C51AD506C22E5D4B1FCD4A3AFD10B9D0924CEFA54A5DD61E0DBFE972644ADB603AC0E75AE00DDD553D718E9BCB18F4CB95C25A3DEA9B323CC3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ..... ... ...............................................P......3.....`...@......@............... ...................................... ........P...)...@......p...p...............................................................H............text...3........ .................. ..`.data.../....0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XPath.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16184
                                                                                                                                                                                                                      Entropy (8bit):6.732697208000902
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:hxLiAH6DWB2vWmBX6HRN7GNviCksR9zcrIs:7dHitWIio9zgIs
                                                                                                                                                                                                                      MD5:5A38DE4B1F1CEE04CE6CF96E1E07BA8B
                                                                                                                                                                                                                      SHA1:D66CCD2E1589D58E3621BCF2E63CCAE509171519
                                                                                                                                                                                                                      SHA-256:6AF1A8C435EF7BB1972E0509BBDD9A32B665949C248B6FD777833ABC527F290C
                                                                                                                                                                                                                      SHA-512:3069EDB787B0BDB46E023AB71E34B817CE4E00EE9AE69F7D75DA4D3477824761D38B30690F012EA3B1F54D3A25EDCFE292C1AC615FF4F2C4E82127D448CA98DB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:..........."!..0..............*... ........@.. ...............................g....`..................................*..Z....@..h...............8)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ........................................w[zr..~.....8...<xq..W..xe...x.W.6pYMM..E..d..CJ..s...H.EKtfC V.Y7...6...o<g*.=.N.!..}".....R.r ....=.Q..*=yv.'.U>7.D{#..TBSJB............v4.0.30319......`.......#~......\...#Strings....P.......#GUID...`.......#Blob......................3......................................'.........C.............................g.{...%.{.....d.....{...|.{.....{.....{.....{...c.{.....{.............................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XmlDocument.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16152
                                                                                                                                                                                                                      Entropy (8bit):6.767329523656509
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:DTdo1x3iWe7sWo6X6HRN7lVXC4deR9zVj7uS:Xdo1sBWlVXC4dC9zVjr
                                                                                                                                                                                                                      MD5:123A240246001C458E14CA32D40D56EC
                                                                                                                                                                                                                      SHA1:473A3DF6DF0269BC824B6B90217CFA2141AF59C1
                                                                                                                                                                                                                      SHA-256:BAE0097F29C72DC7095DB06156D11BE9949C28CD8FFE5605851FFA8308B443BA
                                                                                                                                                                                                                      SHA-512:58AB7B7F06BC0A418B77DCBE8ABDC66850791B3D0AC4EB3819EA717B5B151B167B7CEE7ECDBDB86E66A1EF073B7E877ADB0C70F3B973E712DCB637BC504D0916
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c............" ..0..............+... ...@....... ..............................;n....`.................................E+..O....@...................)...`......X*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................y+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................................P.................<...........g.~...2.~.....1.....~.....~.....~.....~.....~...p.~.....~.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.XmlSerializer.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):18216
                                                                                                                                                                                                                      Entropy (8bit):6.626651656502574
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:g3ohYBNTtxaxzWp2vWEpWjA6Kr4PFHnhWgN7a0Wb3pWXYz1X01k9z3A/u84ts:g3oSX2zWp2vWEYA6VFHRN7SsoJR9zgu6
                                                                                                                                                                                                                      MD5:59C396A982C075DEC28848C21B9B3287
                                                                                                                                                                                                                      SHA1:49889A00099595C550AC919E381E030C11D84322
                                                                                                                                                                                                                      SHA-256:9399F32559DCF33BE15D7F7C67BA6139602439BA848128715D3919084EFF0C8A
                                                                                                                                                                                                                      SHA-512:1492AC135547ABA77EFFE2C1C8DA278CA04CF5C8836CE175682B163BA7BD392C10A2718A9667A1EA2F6DB4A7984550C5C511796183A29B5D7902D2C0A2F3E300
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....8............"!..0.............N3... ........@.. ....................................`..................................2..R....@..................()...`.......2..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................03......H........ ..4...................P ...............................................z..R+...x...].R.;.m.xd.........%k........_........>.....KG.`..g.......a.&...j....:.Q'L)J...@...r^\C....\.nuBSJB............v4.0.30319......`.......#~.. ...p...#Strings............#GUID...........#Blob......................3................................J.................................+.....F.....H.....N...............................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.Xml.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):23848
                                                                                                                                                                                                                      Entropy (8bit):6.279851716286934
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:x5FIeq5ufyw8bcB8yGOk2Y0WKvjsWLYA6VFHRN7RQXu0R9zI+SI:x5FIeWv2dNFClRGu49zp
                                                                                                                                                                                                                      MD5:70B07221E2FF122EDC83D1CE7878F071
                                                                                                                                                                                                                      SHA1:10DC2947E778C5D3279251214FFC4D6F537AAFBA
                                                                                                                                                                                                                      SHA-256:C55AFCA244EA174CD7D26B81342B831D61D15F3D80EEE9406168F136CBCDD5B6
                                                                                                                                                                                                                      SHA-512:DB0114AEA937A0443595C1CCF577D540FAEDCB632C0475B1C3CA26A5076CEFADF916196DE0CCB924A657428E77FE892748AE22D495668445B4E113C98B89EA85
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..*...........I... ...`....... ....................................`..................................H..O....`..8............4..()...........H..T............................................ ............... ..H............text...4)... ...*.................. ..`.rsrc...8....`.......,..............@..@.reloc...............2..............@..B.................I......H.......P ..4'...................G......................................BSJB............v4.0.30319......l...x...#~......X...#Strings....<%......#US.@%......#GUID...P%......#Blob......................3..................................................................S.....:.y...<.....O...................................................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):50440
                                                                                                                                                                                                                      Entropy (8bit):5.759917233301275
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:eOlKhT46UA2Zi5wRNH5JVb0U502zq1TntuqZbFClYV9z6C:tu6Zi5i5jzCkeZisz3
                                                                                                                                                                                                                      MD5:91D003E2BCC6C343D3C752C9745F807C
                                                                                                                                                                                                                      SHA1:A793B282D2125C2F9DD5FD0380DA475F92A804A7
                                                                                                                                                                                                                      SHA-256:DE72057E9A2E41290B8BB3B829B101F420477726E134069A2E0C33270DEF210F
                                                                                                                                                                                                                      SHA-512:7862E0B67DFA761F45078813AEDF06C3C1D06545FA1E5FAB72F64F1FC0B2153444789D9AB3F599521AF89B3702E20D3DEC0CDEA42EB0ECF649755B03A215E0AB
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\System.dll, Author: Joe Security
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0................. ........... ...............................R....`.....................................O........................)..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......P .....................8.......................................BSJB............v4.0.30319......l....:..#~..d;..dR..#Strings...........#US........#GUID..........#Blob......................3............................-......................=..\..=.....=...=............; ..2.; ..T.M.....m=....m=....; ..9.; ....; ....; ....; .. .; ..P.; ................};....};....};..).};..1.};..9.};..A.};..Q.}; .Y.};..a.};..i.};..q.};..y.};....};....};......[.....d.........#.....+.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\WindowsBase.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16664
                                                                                                                                                                                                                      Entropy (8bit):6.726952486721783
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:6asFWQClWVrcW+ZX6HRN70oFr9R9z6HrUv:NCn8W0oFD9z6LUv
                                                                                                                                                                                                                      MD5:AF65B24620A1E57D5AF9C71EE3AD9587
                                                                                                                                                                                                                      SHA1:32E842B3D79AF9B8076F807481A8FE37E5537037
                                                                                                                                                                                                                      SHA-256:54123FC5B700ACA49B87F05A94C42D65F094EEB4EF450CD51FCEB73DB303FAB4
                                                                                                                                                                                                                      SHA-512:CEE9E50631869F2D0976217BAE8A3CE78DFF933EC62A4D2D148C72631EC37746160D64EAA959246A5E2A4FF9AFA0186171EDA5972D3AA3A732ACF1F1CCE00A13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V1*..........." ..0..............-... ...@....... ...................................`.................................O-..O....@..8................)...`......x,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......................@..B.................-......H.......P .......................+......................................BSJB............v4.0.30319......l...p...#~......8...#Strings............#US.........#GUID...(.......#Blob......................3................................................................................r.....r...Q.(...g.r...6.r.....r.../.r...L.r.....r.....r..... ...........u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u...y.u.......................#.....+.C...+.Y...3.o...;.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\mscorlib.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):59696
                                                                                                                                                                                                                      Entropy (8bit):5.652717651829639
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:kt51EDMpCUoqFY66Gw17oqZn/TEHmyrchswz6EEZcYf5o4ba2yGlG1QeY48lCiDV:ktFcC3ZcYf5o4bZyGc1A4cDXWQQzi3
                                                                                                                                                                                                                      MD5:52CFF557AED4CBD8D59B899A761B82BA
                                                                                                                                                                                                                      SHA1:E99FE78B96578A4A8036A07D431A3EB21FFA83C7
                                                                                                                                                                                                                      SHA-256:2F8E23C3566B02B2F9E0E1B86D6D81D3CE0DF06C5B9AEB68CEB66B6B152ED099
                                                                                                                                                                                                                      SHA-512:ED9B3A1BBA91FDEADCCFBDD63F10B72915EEFEA182564A62C163C34A865F00AFE81B72DC32FB55BA4D97803222ED934FB92861B6E16A9A58E785FCD2BDF8D1E9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{\............" ..0.................. ........... ....................... ............`.................................q...O.......(...............0)..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B........................H.......P ..................... .......................................BSJB............v4.0.30319......l...$O..#~...O..(b..#Strings............#US.........#GUID..........#Blob......................3................................e.....b/........L%.O...).O....RO..EP.......+..:.:4..J$:4...&S0...+.O...%.O...(:4...&:4...":4....:4....:4..U&:4....:4.................N.....N.....N..)..N..1..N..9..N..A..N..Q..N .Y..N..a..N..i..N..q..N..y..N.....N.....N......R.....[.....z...#.....+.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\netstandard.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):101160
                                                                                                                                                                                                                      Entropy (8bit):5.502135579975956
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:bYsYXj0p2NYq5V4bgDHsPdIpuSE5L3Ukcz9wnXiKdkz:MMkYe4bgDUAxCnXI
                                                                                                                                                                                                                      MD5:937A6DCE409FE67D60722137A5E860EC
                                                                                                                                                                                                                      SHA1:9DC0849E2164D7B25F7F0F6DC3B9600EC431E914
                                                                                                                                                                                                                      SHA-256:F56C741CC18D17CB031A9CDEB3DE3C4662CF80CB65F434DCA5DF328AC682C5C1
                                                                                                                                                                                                                      SHA-512:B5379A528CDCB6F55A85002D89FCA19B2C2BC9461647E3B81791D63E8F2E0227B22427CB2A60393F3A6FC9B1E407E23E2B22AF93C378A16D83B232CA2DE74D79
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}............" ..0..X...........v... ........... ....................................`.................................?v..O.......8............b..()..........hu..T............................................ ............... ..H............text....V... ...X.................. ..`.rsrc...8............Z..............@..@.reloc...............`..............@..B................sv......H.......P ...T...................t......................................BSJB............v4.0.30319......l...`...#~..... ...#Strings.....Q......#US..Q......#GUID....R......#Blob......................3............................P...,......H.........5....:....'...m......,.@..5#.T..P4.T...7.J...B....i5....u:.T..n7.T..&1.T.....T.../.T..(7.T...(.T.............................)....1....9....A....Q.. .Y....a....i....q....y..........................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\oke.deps.json

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):68992
                                                                                                                                                                                                                      Entropy (8bit):4.939896385202462
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:u3wXxa7ZcgnAe8mdWAAoHAfAedwAu1CHtOC7NcjYBkHoV/F3p1Nf8pwBMBkYoUyf:u/M/Fkwm9FKRDUKgZk3V
                                                                                                                                                                                                                      MD5:788F3D7E6112EF6D3B6E638B5DD96647
                                                                                                                                                                                                                      SHA1:58F6741EF06BC55B59972D9A38B5E0E735CF0EC6
                                                                                                                                                                                                                      SHA-256:3E6ABC8F4235C5EBF254FEF0BD5EA8933842743DCB8FF7E8166BC0E4DFD5AA46
                                                                                                                                                                                                                      SHA-512:700A5A5D93CBD35E82BECE9AC1472FA07D70C8CBFE790A47DF8900370BE0DB4C046DA6FBA83F004D9D546DAFC4B6E908E715FE0B299A468D9F7509AC0525B0D6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v8.0\/win-x64",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v8.0": {},.. ".NETCoreApp,Version=v8.0\/win-x64": {.. "oke\/1.0.0": {.. "dependencies": {.. "Microsoft.NET.ILLink.Tasks": "8.0.11",.. "Newtonsoft.Json": "13.0.3",.. "System.Data.SQLite": "1.0.119",.. "System.Diagnostics.Process": "4.3.0",.. "System.Management": "9.0.0",.. "System.Security.Cryptography.ProtectedData": "9.0.0",.. "System.ServiceProcess.ServiceController": "9.0.0",.. "runtimepack.Microsoft.NETCore.App.Runtime.win-x64": "8.0.11".. },.. "runtime": {.. "oke.dll": {}.. }.. },.. "runtimepack.Microsoft.NETCore.App.Runtime.win-x64\/8.0.11": {.. "runtime": {.. "Microsoft.CSharp.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.1124.51707

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\oke.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):397824
                                                                                                                                                                                                                      Entropy (8bit):6.015076865783019
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:TnB9oNxQLfeRw2QXmki8CBnxLfsu7mxxVYn:TBsQ6tlxLfcu
                                                                                                                                                                                                                      MD5:B61717E42184B8AB9341B21EC53D2E42
                                                                                                                                                                                                                      SHA1:16354348D8AAF4795847F8A41EC2131EED5B5984
                                                                                                                                                                                                                      SHA-256:B3FF0736B512FCBB3223C33B98C6B478825598D5506EE33F96A18ECEFF10DA86
                                                                                                                                                                                                                      SHA-512:3DC4B2E1E3B36B11636A9A4AC83BE7372A1F3FDB13AB2543A6B04C402869188611EAE0F0455B5D0D6688574756E8A8ABC6F3F05AA8260FB052168911460CDAA5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y.O...............0......L........... ........@.. ....................................`.....................................K........H...................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc....H.......J..................@....reloc.......`......................@..B........................H.......D...........7....c...z...........................................0..X.......+.(..tl ........8........E........j.......F...............8........~X...(D...~Y...(H... ....<.... ....~2...{....:....& ....8....8.... ....~2...{....9....& ....8u...~V...(<... .... .... ....s....~W...(@....... ....~2...{....95...& ....8*......... ....~2...{....9....& ....8....r...ps....z*~....9.... ....8....8.... ....~2...{N...:....& ....8.....0..........(5... ........8........E....*...9.......

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\oke.runtimeconfig.json

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):372
                                                                                                                                                                                                                      Entropy (8bit):4.676624916571053
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:3Hp/hdNyhA0H0b2mwM5BXmJe5S1Me+AQ6NOCUo+K8E7/OyPfKmn5BNTy:dFG0b2voBEe01MeGex+K8E7nS2r2
                                                                                                                                                                                                                      MD5:59D61BDEBD920CB9E4D60307A2BC5C92
                                                                                                                                                                                                                      SHA1:5FF725D1F163C000B9626824DA74328B5967B4FB
                                                                                                                                                                                                                      SHA-256:81DACB192A7580652C042828A76633EDF434558CE0AA89DA26DC1CA070839852
                                                                                                                                                                                                                      SHA-512:B7D7F26365E9772F5E31F0F133E1F4FE7E9440589145D890F440E3A49377F7E9317D573677780209AA2A968D7FB7A3867A999357BB38BA18C88D4863147A5CBD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{.. "runtimeOptions": {.. "tfm": "net8.0",.. "includedFrameworks": [.. {.. "name": "Microsoft.NETCore.App",.. "version": "8.0.11".. }.. ],.. "configProperties": {.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false,.. "System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": false.. }.. }..}

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\.net\6kK89mR2aq\1db8\sni.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):160040
                                                                                                                                                                                                                      Entropy (8bit):6.333962640370861
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:zGaHqhU3X+sWqpyojzXVgO/U9SS2PCKPZteYlbLUrHeUJcJnWMROkIvNHc:znHSK+svytSS2PzbeYlbLk0n+Hc
                                                                                                                                                                                                                      MD5:7F1799B65B98450A19E4D049E9D3E70D
                                                                                                                                                                                                                      SHA1:EC80C5A33374423A9E986C383A36A97DA70A3584
                                                                                                                                                                                                                      SHA-256:68705C4EF9AB818F2956A78E05F3FEFCE501A1448793B073B46110BEB49B47D6
                                                                                                                                                                                                                      SHA-512:8D67297C5CDED487C88FCAAD5A36E80926DAD8F1863E38F397751056F51258AC7B5A9E5C09C01BBA7A224F38FB2EE719586FAF0BA81516E05A19649EB09E7B78
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...0..0..0.....0..3..0..5..0..4..0.M ...0..1.+.0...9..0...0..0......0...2..0.Rich..0.................PE..d....hfY.........." .................K...................................................`A............................................X...X........................2..(?......(.......T............................................................................text............................... ..`.rdata..D...........................@..@.data....S...0......................@....pdata..............................@..@.rsrc................(..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\tmp5vbnla.tmp

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Entropy (8bit):7.80870400115359
                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                      File name:6kK89mR2aq.exe
                                                                                                                                                                                                                      File size:40'355'192 bytes
                                                                                                                                                                                                                      MD5:e84b8e2e0d95efe78553161d97a7ef11
                                                                                                                                                                                                                      SHA1:62f3f1d1abd3fc522dc0fbb757ea79de60afbf4a
                                                                                                                                                                                                                      SHA256:a5e9ab2933afc9101a7820d86782f4c53e7acf184b826fd6f2a00d2b783a8bdd
                                                                                                                                                                                                                      SHA512:ea11749e0ad3c17e6c56e5d518b0849708820730c26f74c9d4d1bdaf696bf78e1452c8aedf499f9473fd18476e3d26e4d3156921c95821d1124aecf5d8b137ae
                                                                                                                                                                                                                      SSDEEP:786432:Tbn81W83oyUNmx4osm5GYHAFLGTLAkaQtEhfdzLIlAeWpTn3:Tb81/35omWMZALqbShlIlhEn3
                                                                                                                                                                                                                      TLSH:D4971256E2F901D8E5BAC0BCC6575527EBB23855133097DB62A48A692F33FE06E3D310
                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y..N8.DN8.DN8.DG@vDX8.D...EZ8.D...E\8.D...E.8.D>..EF8.D>..EC8.DN8.DF:.D]..E[8.D]..E.:.D]..EO8.D]..DO8.D]..EO8.DRichN8.D.......

                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                      Icon Hash:62c2ead4d4d28ad2

                                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Entrypoint:0x1405cfe90
                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                      Time Stamp:0x67115F21 [Thu Oct 17 19:01:53 2024 UTC]
                                                                                                                                                                                                                      TLS Callbacks:0x405cf310, 0x1, 0x405cfad0, 0x1
                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                      Import Hash:4b1892ce4fbcfcf064c6f69d693fc6a5

                                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                                      call 00007FEBC87C5318h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                                      jmp 00007FEBC87C4C5Fh
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                                      call 00007FEBC84B37F8h
                                                                                                                                                                                                                      jmp 00007FEBC87C4DF4h
                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      jmp 00007FEBC87C4DDCh
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      mov dword ptr [esp+10h], ebx
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      mov dword ptr [esp+18h], esi
                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      sub esp, 10h
                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                      cpuid
                                                                                                                                                                                                                      inc esp
                                                                                                                                                                                                                      mov eax, ecx
                                                                                                                                                                                                                      inc esp
                                                                                                                                                                                                                      mov edx, edx
                                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                                      xor edx, 49656E69h
                                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                                      xor eax, 6C65746Eh
                                                                                                                                                                                                                      inc esp
                                                                                                                                                                                                                      mov ecx, ebx
                                                                                                                                                                                                                      inc esp
                                                                                                                                                                                                                      mov esi, eax
                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                      mov eax, 00000001h
                                                                                                                                                                                                                      cpuid
                                                                                                                                                                                                                      inc ebp
                                                                                                                                                                                                                      or edx, eax
                                                                                                                                                                                                                      mov dword ptr [ebp-10h], eax
                                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                                      xor ecx, 756E6547h
                                                                                                                                                                                                                      mov dword ptr [ebp-0Ch], ebx
                                                                                                                                                                                                                      inc ebp
                                                                                                                                                                                                                      or edx, ecx
                                                                                                                                                                                                                      mov dword ptr [ebp-08h], ecx
                                                                                                                                                                                                                      mov edi, ecx
                                                                                                                                                                                                                      mov dword ptr [ebp-04h], edx
                                                                                                                                                                                                                      jne 00007FEBC87C4E4Dh
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      or dword ptr [001CA17Dh], FFFFFFFFh
                                                                                                                                                                                                                      and eax, 0FFF3FF0h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      mov dword ptr [001CA165h], 00008000h
                                                                                                                                                                                                                      cmp eax, 000106C0h
                                                                                                                                                                                                                      je 00007FEBC87C4E1Ah
                                                                                                                                                                                                                      cmp eax, 00020660h
                                                                                                                                                                                                                      je 00007FEBC87C4E13h
                                                                                                                                                                                                                      cmp eax, 00020670h
                                                                                                                                                                                                                      je 00007FEBC87C4E0Ch
                                                                                                                                                                                                                      add eax, FFFCF9B0h
                                                                                                                                                                                                                      cmp eax, 20h
                                                                                                                                                                                                                      jnbe 00007FEBC87C4E16h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      mov ecx, 00010001h

                                                                                                                                                                                                                      Rich Headers

                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                      • [IMP] VS2008 SP1 build 30729

                                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x7966f00xc4.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x7967b40x168.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x8070000x14b630.rsrc
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x7ba0000x360fc.pdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x9530000x7e2c.reloc
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x70a6b00x54.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x70a8800x28.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x6245400x140.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x61d0000xec8.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x7964a40x60.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                      Sections

                                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                      .text0x10000x61a71c0x61a8000b10188502e90294dafc4ec1ab7c7e1aunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .CLR_UEF0x61c0000xdd0x2003e60305f40e8c29615347b62e95ffa2cFalse0.4140625zlib compressed data3.093020747643803IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .rdata0x61d0000x17c5e20x17c600ccea3fd4e581a51a1f647847625a49adFalse0.4178410234554716data5.662369206074474IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .data0x79a0000x1ffc40x980022df02db071f4deef6b136c042223a34False0.19772820723684212data3.333539381465131IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                      .pdata0x7ba0000x360fc0x36200fd626080e4e3733af1f84cb0f28f455dFalse0.5045602987875288data6.505480901328782IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .didat0x7f10000x380x200910157a66b34b7706f92927705a37f5aFalse0.064453125data0.42449845906755646IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                      Section0x7f20000x80x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                      _RDATA0x7f30000x132080x13400617430a8cd708dda1865fee2910d8a1aFalse0.18454494724025974data5.4827244286074395IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .rsrc0x8070000x14b6300x14b8005d66df158cb4953abf4848f86de24203False0.4287087280825792data6.344563817527719IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .reloc0x9530000x7e2c0x8000dca4e44fa2a43d7401fa4c38300ecb87False0.155853271484375data5.445611795477199IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                      Resources

                                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                      RT_ICON0x8072000x4228Device independent bitmap graphic, 64 x 128 x 32, image size 168960.08974964572508266
                                                                                                                                                                                                                      RT_RCDATA0x80b4280x24data1.1666666666666667
                                                                                                                                                                                                                      RT_RCDATA0x80b44c0x24data1.1666666666666667
                                                                                                                                                                                                                      RT_RCDATA0x80b4700x146c10PE32+ executable (DLL) (GUI) x86-64, for MS Windows0.4392890930175781
                                                                                                                                                                                                                      RT_GROUP_ICON0x9520800x14data1.1
                                                                                                                                                                                                                      RT_VERSION0x9520940x340data0.42427884615384615
                                                                                                                                                                                                                      RT_MANIFEST0x9523d40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                      Imports

                                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                                      KERNEL32.dllRaiseException, FreeLibrary, SetErrorMode, RaiseFailFastException, GetExitCodeProcess, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, AddVectoredExceptionHandler, MultiByteToWideChar, GetTickCount, FlushInstructionCache, QueryPerformanceFrequency, QueryPerformanceCounter, RtlLookupFunctionEntry, LocateXStateFeature, RtlDeleteFunctionTable, InterlockedPushEntrySList, InterlockedFlushSList, InitializeSListHead, GetTickCount64, DuplicateHandle, QueueUserAPC, WaitForSingleObjectEx, SetThreadPriority, GetThreadPriority, GetCurrentThreadId, TlsAlloc, GetCurrentThread, GetCurrentProcessId, CreateThread, GetModuleHandleW, WaitForMultipleObjectsEx, SignalObjectAndWait, RtlCaptureContext, SetThreadStackGuarantee, VirtualQuery, WriteFile, GetStdHandle, GetConsoleOutputCP, MapViewOfFileEx, UnmapViewOfFile, GetStringTypeExW, InterlockedPopEntrySList, ExitProcess, Sleep, CreateMemoryResourceNotification, VirtualAlloc, VirtualFree, VirtualProtect, SleepEx, SwitchToThread, SuspendThread, ResumeThread, InitializeContext, SetXStateFeaturesMask, RtlRestoreContext, CloseThreadpoolTimer, CreateThreadpoolTimer, SetThreadpoolTimer, ReadFile, GetFileSize, GetEnvironmentVariableW, SetEnvironmentVariableW, CreateEventW, SetEvent, ResetEvent, GetThreadContext, SetThreadContext, GetEnabledXStateFeatures, CopyContext, WerRegisterRuntimeExceptionModule, RtlInstallFunctionTableCallback, GetSystemDefaultLCID, GetUserDefaultLCID, RtlUnwind, HeapAlloc, HeapFree, GetProcessHeap, HeapCreate, HeapDestroy, GetEnvironmentStringsW, FreeEnvironmentStringsW, FormatMessageW, CreateSemaphoreExW, ReleaseSemaphore, GetACP, LCMapStringEx, LocalFree, VerSetConditionMask, VerifyVersionInfoW, QueryThreadCycleTime, GetLogicalProcessorInformationEx, SetThreadGroupAffinity, GetThreadGroupAffinity, GetProcessGroupAffinity, GetCurrentProcessorNumberEx, GetProcessAffinityMask, QueryInformationJobObject, CloseHandle, GetSystemTimeAsFileTime, GetModuleFileNameW, CreateProcessW, GetCPInfo, LoadLibraryExW, CreateFileW, GetFileAttributesExW, GetFullPathNameW, LoadLibraryExA, OutputDebugStringA, OpenEventW, ReleaseMutex, ExitThread, CreateMutexW, HeapReAlloc, CreateNamedPipeA, WaitForMultipleObjects, DisconnectNamedPipe, CreateFileA, CancelIoEx, GetOverlappedResult, ConnectNamedPipe, FlushFileBuffers, SetFilePointer, MapViewOfFile, GetActiveProcessorGroupCount, GetSystemTime, SetConsoleCtrlHandler, GetLocaleInfoEx, GetUserDefaultLocaleName, RtlAddFunctionTable, LoadLibraryW, CreateDirectoryW, RemoveDirectoryW, CreateActCtxW, ActivateActCtx, FindResourceW, GetWindowsDirectoryW, GetFileSizeEx, FindFirstFileExW, FindNextFileW, GetTempPathW, FindClose, LoadLibraryA, GetCurrentDirectoryW, IsWow64Process, EncodePointer, DecodePointer, CreateFileMappingA, TlsSetValue, TlsGetValue, GetSystemInfo, GetCurrentProcess, OutputDebugStringW, IsDebuggerPresent, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, WideCharToMultiByte, GetCommandLineW, GetProcAddress, GetModuleHandleExW, SetThreadErrorMode, FlushProcessWriteBuffers, SetLastError, DebugBreak, WaitForSingleObject, GetNumaHighestNodeNumber, SetThreadAffinityMask, SetThreadIdealProcessorEx, GetThreadIdealProcessorEx, VirtualAllocExNuma, GetNumaProcessorNodeEx, VirtualUnlock, GetLargePageMinimum, IsProcessInJob, K32GetProcessMemoryInfo, GetLogicalProcessorInformation, GlobalMemoryStatusEx, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, RtlVirtualUnwind, IsProcessorFeaturePresent, RtlUnwindEx, InitializeCriticalSectionAndSpinCount, TlsFree, RtlPcToFileHeader, TryAcquireSRWLockExclusive, GetExitCodeThread, GetStringTypeW, InitializeCriticalSectionEx, GetLastError, CreateFileMappingW
                                                                                                                                                                                                                      ADVAPI32.dllReportEventW, AdjustTokenPrivileges, RegGetValueW, SetKernelObjectSecurity, GetSidSubAuthorityCount, GetSidSubAuthority, GetTokenInformation, OpenProcessToken, DeregisterEventSource, RegisterEventSourceW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, EventRegister, SetThreadToken, RevertToSelf, OpenThreadToken, EventWriteTransfer, EventWrite, LookupPrivilegeValueW
                                                                                                                                                                                                                      ole32.dllCreateStreamOnHGlobal, CoRevokeInitializeSpy, CoGetClassObject, CoGetContextToken, CoGetObjectContext, CoUnmarshalInterface, CoMarshalInterface, CoGetMarshalSizeMax, CLSIDFromProgID, CoReleaseMarshalData, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, CoInitializeEx, CoRegisterInitializeSpy, CoWaitForMultipleHandles, CoUninitialize, CoCreateFreeThreadedMarshaler
                                                                                                                                                                                                                      OLEAUT32.dllCreateErrorInfo, SysFreeString, GetErrorInfo, SetErrorInfo, SysStringLen, SysAllocString, SysAllocStringLen, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayDestroy, QueryPathOfRegTypeLib, LoadTypeLibEx, SafeArrayGetVartype, VariantChangeType, VariantChangeTypeEx, VariantClear, VariantInit, VarCyFromDec, SafeArrayAllocDescriptorEx, GetRecordInfoFromTypeInfo, SafeArraySetRecordInfo, SafeArrayAllocData, SafeArrayGetElemsize, SysStringByteLen, SysAllocStringByteLen, SafeArrayCreateVector, SafeArrayPutElement, LoadRegTypeLib
                                                                                                                                                                                                                      USER32.dllLoadStringW, MessageBoxW
                                                                                                                                                                                                                      SHELL32.dllShellExecuteW
                                                                                                                                                                                                                      api-ms-win-crt-string-l1-1-0.dllstrncat_s, wcsncat_s, strcmp, wcsnlen, wcscat_s, towupper, iswascii, _strdup, strncpy, strnlen, wcstok_s, isdigit, isupper, isalpha, towlower, _wcsdup, iswspace, isspace, islower, strtok_s, _wcsnicmp, strcspn, __strncnt, strlen, wcscpy_s, toupper, wcsncpy_s, strcpy_s, strcat_s, strncpy_s, _strnicmp, tolower, wcsncmp, iswupper, strncmp, _stricmp, _wcsicmp
                                                                                                                                                                                                                      api-ms-win-crt-stdio-l1-1-0.dll__stdio_common_vsscanf, fflush, __acrt_iob_func, __stdio_common_vfprintf, __stdio_common_vswprintf, __stdio_common_vfwprintf, fputws, fputwc, _get_stream_buffer_pointers, _fseeki64, fread, fsetpos, ungetc, fgetpos, fgets, fgetc, fputc, _wfsopen, _wfopen, __p__commode, _set_fmode, __stdio_common_vsnprintf_s, setvbuf, _setmode, _dup, _fileno, ftell, fseek, fputs, __stdio_common_vsnwprintf_s, __stdio_common_vsprintf_s, fwrite, _flushall, fopen, fclose
                                                                                                                                                                                                                      api-ms-win-crt-runtime-l1-1-0.dll_crt_atexit, _cexit, _seh_filter_exe, _set_app_type, _register_onexit_function, _configure_wide_argv, _initialize_wide_environment, _get_initial_wide_environment, _initterm, _initterm_e, _exit, _invalid_parameter_noinfo_noreturn, __p___argc, __p___wargv, _c_exit, _register_thread_local_exe_atexit_callback, _initialize_onexit_table, _beginthreadex, terminate, _controlfp_s, _wcserror_s, _invalid_parameter_noinfo, _errno, exit, abort
                                                                                                                                                                                                                      api-ms-win-crt-convert-l1-1-0.dll_atoi64, _ltow_s, _wtoi, strtoul, _wcstoui64, atol, _itow_s, strtoull, wcstoul
                                                                                                                                                                                                                      api-ms-win-crt-heap-l1-1-0.dllfree, _set_new_mode, calloc, malloc, realloc
                                                                                                                                                                                                                      api-ms-win-crt-utility-l1-1-0.dllqsort
                                                                                                                                                                                                                      api-ms-win-crt-math-l1-1-0.dllasinhf, atanhf, cbrtf, acoshf, cosh, cbrt, coshf, exp, expf, acosh, atanh, floor, floorf, fma, fmaf, cosf, _fdopen, cos, ceilf, _copysignf, _isnanf, trunc, truncf, ilogb, ilogbf, tanhf, ceil, fmod, fmodf, atanf, frexp, atan2f, atan2, log, log10, log10f, atan, asinf, log2, log2f, logf, pow, powf, sin, sinf, asin, sinh, sinhf, sqrt, sqrtf, tan, tanf, tanh, acosf, _copysign, asinh, _isnan, _finite, modf, modff, acos, __setusermatherr
                                                                                                                                                                                                                      api-ms-win-crt-time-l1-1-0.dll_time64, _gmtime64_s, wcsftime
                                                                                                                                                                                                                      api-ms-win-crt-environment-l1-1-0.dllgetenv
                                                                                                                                                                                                                      api-ms-win-crt-locale-l1-1-0.dll_unlock_locales, setlocale, __pctype_func, ___lc_locale_name_func, _lock_locales, ___lc_codepage_func, ___mb_cur_max_func, _configthreadlocale, localeconv
                                                                                                                                                                                                                      api-ms-win-crt-filesystem-l1-1-0.dll_wrename, _unlock_file, _wremove, _lock_file

                                                                                                                                                                                                                      Exports

                                                                                                                                                                                                                      NameOrdinalAddress
                                                                                                                                                                                                                      CLRJitAttachState30x1407af270
                                                                                                                                                                                                                      DotNetRuntimeInfo40x14079c5d0
                                                                                                                                                                                                                      MetaDataGetDispenser50x140571160
                                                                                                                                                                                                                      g_CLREngineMetrics20x14079bdd8
                                                                                                                                                                                                                      g_dacTable60x140644600

                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                      2025-01-14T12:47:02.642594+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449754172.67.74.152443TCP
                                                                                                                                                                                                                      2025-01-14T12:47:03.257020+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449760172.67.74.152443TCP
                                                                                                                                                                                                                      2025-01-14T12:47:03.804357+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449762208.95.112.180TCP
                                                                                                                                                                                                                      2025-01-14T12:47:04.452828+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449768172.67.74.152443TCP
                                                                                                                                                                                                                      2025-01-14T12:47:05.065334+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449774172.67.74.152443TCP
                                                                                                                                                                                                                      2025-01-14T12:47:05.226217+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449762208.95.112.180TCP

                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.976386070 CET49754443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.976475954 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.976582050 CET49754443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.033678055 CET49754443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.033802032 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.496891975 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.496968031 CET49754443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.499353886 CET49754443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.499363899 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.499633074 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.534023046 CET49754443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.575366020 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.642622948 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.642672062 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.642720938 CET49754443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.645168066 CET49754443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.645207882 CET44349754172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.647208929 CET49760443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.647229910 CET44349760172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.647298098 CET49760443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.648458004 CET49760443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:02.648474932 CET44349760172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.117144108 CET44349760172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.117918015 CET49760443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.117952108 CET44349760172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.118849039 CET49760443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.118858099 CET44349760172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.257102013 CET44349760172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.257240057 CET44349760172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.257287979 CET49760443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.258280993 CET49760443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.258302927 CET44349760172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.272262096 CET4976280192.168.2.4208.95.112.1
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.277147055 CET8049762208.95.112.1192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.277209997 CET4976280192.168.2.4208.95.112.1
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.277457952 CET4976280192.168.2.4208.95.112.1
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.282963037 CET8049762208.95.112.1192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.763715982 CET8049762208.95.112.1192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.804357052 CET4976280192.168.2.4208.95.112.1
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.814537048 CET49768443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.814629078 CET44349768172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.814760923 CET49768443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.819705963 CET49768443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.819756985 CET44349768172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.302640915 CET44349768172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.303509951 CET49768443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.303599119 CET44349768172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.304209948 CET49768443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.304225922 CET44349768172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.452805042 CET44349768172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.452876091 CET44349768172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.453177929 CET49768443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.453480005 CET49768443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.453526020 CET44349768172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.454999924 CET49774443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.455101967 CET44349774172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.455200911 CET49774443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.455724001 CET49774443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.455760956 CET44349774172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.913368940 CET44349774172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.913945913 CET49774443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.913965940 CET44349774172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.914825916 CET49774443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:04.914834976 CET44349774172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.065375090 CET44349774172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.065452099 CET44349774172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.065720081 CET49774443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.066052914 CET49774443192.168.2.4172.67.74.152
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.066082954 CET44349774172.67.74.152192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.066277027 CET4976280192.168.2.4208.95.112.1
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.072254896 CET8049762208.95.112.1192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.171382904 CET8049762208.95.112.1192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.226217031 CET4976280192.168.2.4208.95.112.1
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.278467894 CET4976280192.168.2.4208.95.112.1

                                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.968369961 CET5858153192.168.2.41.1.1.1
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.975434065 CET53585811.1.1.1192.168.2.4
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.264333010 CET5414653192.168.2.41.1.1.1
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.271425962 CET53541461.1.1.1192.168.2.4

                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.968369961 CET192.168.2.41.1.1.10xbd39Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.264333010 CET192.168.2.41.1.1.10x371dStandard query (0)ip-api.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.975434065 CET1.1.1.1192.168.2.40xbd39No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.975434065 CET1.1.1.1192.168.2.40xbd39No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Jan 14, 2025 12:47:01.975434065 CET1.1.1.1192.168.2.40xbd39No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.271425962 CET1.1.1.1192.168.2.40x371dNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false

                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                      • api.ipify.org
                                                                                                                                                                                                                      • ip-api.com

                                                                                                                                                                                                                      HTTP Packets

                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      0192.168.2.449762208.95.112.1807608C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.277457952 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                      Host: ip-api.com
                                                                                                                                                                                                                      Jan 14, 2025 12:47:03.763715982 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 11:47:02 GMT
                                                                                                                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                      Content-Length: 306
                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                      X-Ttl: 60
                                                                                                                                                                                                                      X-Rl: 44
                                                                                                                                                                                                                      Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.066277027 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                      Host: ip-api.com
                                                                                                                                                                                                                      Jan 14, 2025 12:47:05.171382904 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 11:47:04 GMT
                                                                                                                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                      Content-Length: 306
                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                      X-Ttl: 58
                                                                                                                                                                                                                      X-Rl: 43
                                                                                                                                                                                                                      Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


                                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      0192.168.2.449754172.67.74.1524437608C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      2025-01-14 11:47:02 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                      Host: api.ipify.org
                                                                                                                                                                                                                      2025-01-14 11:47:02 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 11:47:02 GMT
                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                      Content-Length: 12
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                      CF-RAY: 901d63952d380f60-EWR
                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1581&min_rtt=1578&rtt_var=599&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1817050&cwnd=211&unsent_bytes=0&cid=1284a5ac5b65814d&ts=159&x=0"
                                                                                                                                                                                                                      2025-01-14 11:47:02 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                      Data Ascii: 8.46.123.189


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      1192.168.2.449760172.67.74.1524437608C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      2025-01-14 11:47:03 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                      Host: api.ipify.org
                                                                                                                                                                                                                      2025-01-14 11:47:03 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 11:47:03 GMT
                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                      Content-Length: 12
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                      CF-RAY: 901d6398fa640c84-EWR
                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1604&min_rtt=1596&rtt_var=615&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=677&delivery_rate=1756919&cwnd=150&unsent_bytes=0&cid=a19ec3ffb70750e2&ts=147&x=0"
                                                                                                                                                                                                                      2025-01-14 11:47:03 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                      Data Ascii: 8.46.123.189


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      2192.168.2.449768172.67.74.1524437608C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      2025-01-14 11:47:04 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                      Host: api.ipify.org
                                                                                                                                                                                                                      2025-01-14 11:47:04 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 11:47:04 GMT
                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                      Content-Length: 12
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                      CF-RAY: 901d63a07b690f5b-EWR
                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1636&min_rtt=1629&rtt_var=626&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=677&delivery_rate=1726788&cwnd=221&unsent_bytes=0&cid=b7fe31ca1d6bda48&ts=160&x=0"
                                                                                                                                                                                                                      2025-01-14 11:47:04 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                      Data Ascii: 8.46.123.189


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      3192.168.2.449774172.67.74.1524437608C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      2025-01-14 11:47:04 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                      Host: api.ipify.org
                                                                                                                                                                                                                      2025-01-14 11:47:05 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 14 Jan 2025 11:47:05 GMT
                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                      Content-Length: 12
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                      CF-RAY: 901d63a4491e43d0-EWR
                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1656&rtt_var=628&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1731909&cwnd=181&unsent_bytes=0&cid=049f39f842836143&ts=157&x=0"
                                                                                                                                                                                                                      2025-01-14 11:47:05 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                      Data Ascii: 8.46.123.189


                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                      Start time:06:46:06
                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\6kK89mR2aq.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\6kK89mR2aq.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7725c0000
                                                                                                                                                                                                                      File size:40'355'192 bytes
                                                                                                                                                                                                                      MD5 hash:E84B8E2E0D95EFE78553161D97A7EF11
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                      Start time:06:46:14
                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9577 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
                                                                                                                                                                                                                      Imagebase:0x7ff76e190000
                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                      Start time:06:46:14
                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1532 --field-trial-handle=1480,i,10141797464930735019,2123259764486349599,262144 --disable-features=PaintHolding /prefetch:8
                                                                                                                                                                                                                      Imagebase:0x7ff76e190000
                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                      Start time:06:46:37
                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9414 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --headless --disable-dev-shm-usage --no-sandbox --window-position=-3000,-3000
                                                                                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                      Start time:06:46:38
                                                                                                                                                                                                                      Start date:14/01/2025
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1508 --field-trial-handle=1460,i,2016451024205536265,1915293068079400894,262144 --disable-features=PaintHolding /prefetch:3
                                                                                                                                                                                                                      Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                      No disassembly